Trump Hotel Group may have been breached for a second time
In light of recent news that the Trump Hotel Group may have been breached for a second time, Tod Beardsley, Security Research Manager at Rapid7, commented:
“Today’s news that the Trump Collection of properties has been breached is eerily familiar. While it’s possible that the real story behind the breach could be anything from a disgruntled insider, to a breach of the core IT systems used in Trump properties, or some unique method of obtaining credit card data from Trump customers, the Krebs story sounds like many of the point-of-sale (POS) compromises that have recently hit major hotel and hospitality companies over the last 18 months.
I would be surprised if the techniques used by the attackers in this case were substantively different from those used against Starwood, Hyatt, and Hilton. We’ve seen that in the hotel industry, the POS systems are generally the weakest link in the IT chain, and technically savvy criminal organisations have clearly figured this out.
Retail companies, hotel chains, and restaurants should examine their own POS installations for common misconfigurations and exposures, such as default and easily guessed passwords, outdated software, and poor network segmentation.”
Chris Webber, Security Strategist at Centrify, also commented:
“The report of the breach at the Trump Hotel Collection is not surprising given the amount of public attention on Donald Trump himself, as well as the general fact that hotels are a popular target for attackers.
It seems unlikely that this is a politically-based attack, but just another in a long string of credit card breaches resulting from stolen credentials. One thing we can be sure of is that Trump is a target for both Hacktivists and financially-motivated attackers. Just last month Hacktivist group Anonymous posted a video declaring Trump an “enemy of the constitution,” and included a “gift” of his social security number and other personal information.
Whilst Trump is a polarising figure, we must recognise that we are all targets and we are only as strong as our weakest password. Perhaps Anonymous said it best in their video addressing Donald Trump: “You should have expected us.” If we continue to rely on passwords for protection, we should all expect to be breached as well.”