To this day, we still don’t know exactly what caused the breach, what steps are being taken or planned to safeguard customer data in the future, or how many user accounts were impacted. According to the company spokesperson, all we really know is that Trump Hotels takes data security seriously.
Working hard or not, eyebrows were raised recently when rumors began circulating, courtesy of ISMG (the Information Security Media Group), which noted a pattern of fraudulent credit card activity that traced back to the Trump Hotels.
For their part, spokespeople for the hotel chain have neither confirmed nor denied the rumor, merely reiterating their earlier statement that they are committed to safeguarding the personal information of all guests, and will continue to do so.
Whatever the truth of the matter, it’s not a clear cut case. While ISMG found and identified the pattern, that, in isolation, is not definitive proof of a second breach, and there is a case to be made that there’s no second breach in any case.
As security blogger Brian Krebs pointed out, the fraudulent transactions we’re seeing now could simply be a “second wave” of charge activity that is perfectly in keeping with the standard MO of hackers. Once they secure credit card data, you’ll see a rash of fraudulent charges. Then, there’s a lull of several months to allow sufficient time to pass that the breach is out of the headlines and forgotten. At that point, the hackers will test the card data they have, and if any are still open, a second round of charges will be made.
At this point, there are no definitive answers, but it’s better to be safe than to be sorry, so if you stayed in a Trump Hotel between November of 2015 and March of 2016, or May 2014 to June 2015, your best bet would be to take appropriate steps to protect yourself, as it’s possible that your card was compromised. Check your statements closely and contact your credit card company to see if there are any signs of compromise.