In addition to Hard Rock Hotels & Casinos, Loews Hotels, and Four Seasons Hotels and Resorts, Trump International Hotels is informing customers that the third-party hospitality solutions provider Sabre Corporation, which handles bookings for the resorts, has suffered a breach that extended from August 10, 2016 through March 9, 2017.

Loews Hotels published a statement that indicated the breach involved cardholder names, payment card numbers, and card expiration data and security code, and in some cases guest names, email addresses, phone numbers, addresses and other information.

Trump Hotels statement was almost word for word the same as the Loews statement but included a list of affected resorts: Trump Central Park, Trump Chicago, Trump Doonbeg, Trump Doral, Trump Las Vegas, Trump Panama, Trump Soho, Trump Toronto, Trump Turnberry, Trump Vancouver, Trump Waikiki, Trump DC, Trump Rio De Janeiro and Albemarle Estate.

This is the third breach of Trump Hotels which were fined in 2016 by the New York Attorney General Eric Schneiderman. The hotel agreed to pay more than $500,000 in fines due to the exposure of more than 70,000 credit card numbers.

"That this is the third breach in as many years for Trump Hotels demonstrates that hospitality industry is falling short when it comes to identifying which third parties pose the greatest risk," said Fred Kneip, CEO at cyber risk management company CyberGRX. "The methods companies use to assess, manage, and mitigate third-party cyber risk need to evolve along with the threats they face.”

VASCO Data Security director, Michael Magrath, said that more announcements could be forthcoming. "How widespread the Sabre breach was won't be known for several months. [These incidents] may just be the top of the iceberg," said Magrath. "Cyber criminals continue to penetrate under secure systems, often targeting usernames and static passwords or compromising unsecure mobile applications."

Source: SCMagazine