Scam of the day – July 13, 2017 – Trump Hotels hit with data breach

For the third time in three years, Trump Hotels have been victimized by a major data breach, however, this time the data breach was of Sabre Hospitality Solutions, a reservation booking service used by Trump Hotels. The data breach which occurred between August 2016 and March 2017 affected fourteen Trump hotels.  Compromised information included guest names, addresses, phone numbers, credit card numbers and credit card expiration dates.  If you stayed at a Trump Hotel during the time of the data breach, you should use this link provided by Trump Hotels to determine if your hotel was one of the compromised hotels.

https://www.trumphotels.com/uploads/14111/0/trump-sabre-notice-website-letter.pdf

TIPS

If you were affected directly by this data breach, your credit card may be used for fraudulent purposes so you should monitor your credit card statements regularly and often.  This is also a good time to remind you that the laws that protect you from liability for fraudulent credit card use are much stronger than the laws that protect you if your debit card is fraudulently used.  You should not use your debit card for anything other than an ATM card.

Scam of the day – August 14, 2016 – Kimpton Hotels investigating possible data breach

Kimpton Hotels,  a chain of 62 boutique hotels is looking into a possible data breach, which essentially means that they were indeed hacked and they are just trying to confirm this fact.  Almost in every instance when companies are hacked, it is the credit and debit card processors that notice a pattern of fraudulent card use and then trace it back to the hacked companies, which in this instance appears to have occurred in almost half of the Kimpton hotels in the  United States. When this is confirmed, Kimpton will just be the latest of a long line of hotels including  Omni Hotels and Resorts, Hyatt, Hotels, Starwood Hotels, Hilton Hotels and Trump Hotels (twice) that all suffered similar data breaches in the last year in which credit card and debit card information of their customers was stolen by unknown hackers.

The primary reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards.  Regulations effective October 1, 2015  mandated credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment.  If smart EMV chip cards had been used at Kimpton Hotels, the card information that was stolen would have been worthless, but since they still used the old fashioned magnetic strip cards, Kimpton and its customers face financial problems from this data breach.

TIPS

Until credit card issuing companies and brick and mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted  more than a year ago, continue to occur again and again.  As for us, as consumers, the best we can do is to refrain from using our debit cards for anything other than an ATM card because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases.  In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company.  You also should regularly monitor your credit card statements for indications of fraudulent use.

Scam of the day – April 7, 2016 – Trump hotels hit again by apparent data breach

In July and  October of 2015 I reported to you about a massive data breach at the Trump Hotel Collection, which involved hotels in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York that had gone for as long as a year before it was discovered.   Now as first reported by Brian Krebs,  Trump hotels in New York, Hawaii and Ontario, Canada apparently were hit with data breaches of their credit and debit card processing systems again.  As so often is the case in data breaches such as this, banks identified a pattern of fraudulent credit and debit card use that they  traced back to the affected Trump hotels.  The Trump Hotel Collection is presently investigating the apparent data breach.

Following the Trump hotels data breach of last year a lawsuit was filed in federal court in Missouri seeking class action status on behalf of the affected customers of Trump Hotels.  The lawsuit was filed by the law firm Hipskind & McAninch, which alleged that Trump Hotels were negligent in failing to remedy basic data security issues at their hotels, not discovering the data breach until long after it occurred and in failing to notify its customers in a timely fashion which put their customers at extreme risk of identity theft.   In the last year, hotels have been particularly targeted by hackers.

TIPS
If you used your credit and debit card at a Trump hotel in the affected cities, you should obtain your credit report from each of the three major credit reporting agencies and look for indications of identity theft.  You should also carefully monitor your credit card account and bank accounts for unusual activity.  You should also consider putting a credit freeze on your credit reports, which is always a good idea.

As for the rest of us, there is little that we as credit and debit card users can do to protect ourselves from the security vulnerabilities of the companies with which we do business.  One important thing to do is to refrain from using your debit card except at ATMs.  Using your debit card at retail establishments puts you at a much greater risk of expensive identity theft in the event of a data breach at the company with which you are doing business because of weaker consumer protection laws regarding liability for fraudulent use of your debit card.  Also, if you have not yet received a new EMV smart chip credit card from your credit card company, you should ask your credit card company for a replacement credit card with a computer chip now.  However, as I will discuss in an upcoming scam of the day, the EMV smart chip credit cards are not a panacea to prevent data breaches although they represent a definite improvement in security.

Scam of the day – October 2, 2015 – Update on data breach at Trump hotels

It has just been disclosed by the Trump Hotel Collection, which includes hotels in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York that its hotels had been hit with a Target-like credit card and debit card data breach that appears to have occurred between May 19, 2014 and June 2, 2015.  Although the Trump Hotel Collection is just announcing this now and much of the media is reporting this as a new story, here at Scamicide, we reported to you about this data breach in our Scam of the day on July 5, 2015.  As with so many data breaches, it was discovered not by the company hacked, but by credit and debit card processing banks that noticed a pattern of fraudulent use and traced the cards back to the Trump hotels.    The malware used to perform this data breach was installed on computers at Trump hotels front desk terminals as well as as payment card terminals in the hotels’ restaurants and gift shops.  This type of hacking and data breach could have been prevented had the Trump Hotel Collection switched to the modern EMV smart chip credit cards now being required to be used according to credit card regulations that just went to effect yesterday.  Instead the Trump Hotel Collection, as many companies still do, used the old fashioned credit and debit cards with magnetic strips which are so susceptible to hacking.

TIPS

If you used your credit and debit card at one of the affected Trump hotels between May 19, 2014 and June 2, 2015, you should obtain your credit report from each of the three major credit reporting agencies and look for indications of identity theft.  You should also carefully monitor your credit card account and bank accounts for unusual activity.  You should also consider putting a credit freeze on your credit reports, which is always a good idea.  The Trump Hotel Collection is offering free credit monitoring for people who used their cards at their hotels during the time period indicated above.  For more information about this offer, call them at 877-803-8586.  Here also is a link to the statement of the Trump Hotel Collection about this data breach. https://www.trumphotelcollection.com/cc-security-faq

As for the rest of us, there is little that we as credit and debit card users can do to protect ourselves from the security vulnerabilities of the companies with which we do business.  One important thing to do is to refrain from using your debit card except at ATMs.  Using your debit card at retail establishments puts you at a much greater risk of expensive identity theft in the event of a data breach at the company with which you are doing business because of weaker consumer protection laws regarding liability for fraudulent use of your debit card.  Also, if you have not yet received a new EMV smart chip credit card from your credit card company, you should ask your credit card company for a replacement credit card with a computer chip now.

Scam of the day – July 5, 2015 – Trump hotel chain hacked

Donald Trump seems to be constantly in the news these days.  Whether it is for declaring his candidacy for President of the United States or for making inflammatory comments, Trump is omnipresent in the media.  However, the latest Trump news event is not one with which he must be pleased.  It has just been disclosed that the Trump Hotel Collection, which includes hotels in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York has been hit with a Target-like credit card and debit card data breach that appears to have started at least as far back as February.  As with so many data breaches, it was discovered not by the company hacked but by credit and debit card processing banks that noticed a pattern of fraudulent use and traced the cards back to the Trump hotels.  This type of hacking and data breach is expected to happen again and again as companies still cling to the use of old fashioned credit and debit cards using magnetic strips rather than the more modern smart credit cards with computer chips that create a new one-time authorizing number each time the card is used.

Here is a link to a column I wrote for USA Today in September of 2014 in which I both described how these data breaches occurred and correctly predicted their continuing pattern. http://www.usatoday.com/story/money/personalfinance/2014/09/27/hacking-target-home-depot-credit-card/16221427/

TIPS

There is little that we as credit and debit card users can do to protect ourselves from the security vulnerabilities of the companies with which you do business.  One important thing to do is to refrain from using your debit cards except in ATMs.  Using your debit card at retail establishments puts you at much greater risk of expensive identity theft in the event of a data breach at the company with which you are doing business because of weaker consumer protection laws regarding liability for fraudulent use of your debit card.  Although the deadline for companies being required to install smart credit card readers is months away, you should ask your credit card company for a replacement credit card with a computer chip now.  Some stores, most notably Wall Mart are already using the safer smart chip cards.  Whenever you can use the smart credit card, it is important to do so.