Cyber Incident Victim: The Trump Hotel Collection
Date:
Feb 2015
Location:
United States of America
Summary
A credit card breach impacted multiple luxury hotel properties within a prominent U.S. chain, with financial institutions tracing fraudulent charges to accounts used at its locations. The organization acknowledged potential suspicious activity and initiated an investigation, though specifics on scope or cause were undisclosed. Affected sites spanned major cities including Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York. This incident aligned with a broader pattern of compromises targeting hospitality brands, as evidenced by similar breaches at other major hotel operators during the same period. The surge in such attacks was partly attributed to criminals exploiting vulnerabilities in magnetic stripe card technology before anticipated security upgrades to chip-based systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In July 2015, multiple U.S.-based banks identified a pattern of fraudulent credit and debit card charges linked to accounts used at Trump Hotel Collection properties. Financial industry sources traced the fraudulent activity to several Trump Hotel locations, including those in Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York. The breach timeline extended back to at least February 2015, though the exact duration remained unconfirmed. The Trump Organization initially declined to comment on the banks' reports despite repeated inquiries. On July 1, 2015, Eric Trump, Executive Vice President of Development and Acquisitions, acknowledged the situation through a brief statement confirming an investigation into "potential suspicious credit card activity." The statement emphasized the company's commitment to safeguarding guest information but did not disclose technical details about the breach's origin, scope, or methodology. No specific attacker actions, intrusion methods, or compromised systems were publicly identified during the initial disclosure. The company provided no information about detection methods, containment measures, or the number of affected customers.
The incident occurred amid a surge in credit card breaches targeting hotel brands, restaurants, and retailers. In March 2015, Mandarin Oriental disclosed a card compromise, followed by White Lodging's April 2015 announcement of its second card-processing system breach within 12 months. Industry analysts linked the increase in such breaches to the impending October 2015 U.S. transition to chip-based EMV cards, which would shift fraud liability costs to merchants using outdated magnetic-stripe systems. Magnetic-stripe cards, still dominant in the U.S. at the time, stored static data vulnerable to theft and replication onto counterfeit cards. The Trump Hotel breach exemplified how attackers targeted this legacy technology before its phased replacement. No customer data types beyond payment card information were confirmed as compromised, and the company did not release subsequent updates about investigation findings, remediation steps, or financial impacts. The breach's public confirmation relied exclusively on bank fraud analyses and the organization's limited statement, with no independent verification of root causes or forensic conclusions.