Scam of the day – July 13, 2017 – Trump Hotels hit with data breach

For the third time in three years, Trump Hotels have been victimized by a major data breach, however, this time the data breach was of Sabre Hospitality Solutions, a reservation booking service used by Trump Hotels. The data breach which occurred between August 2016 and March 2017 affected fourteen Trump hotels.  Compromised information included guest names, addresses, phone numbers, credit card numbers and credit card expiration dates.  If you stayed at a Trump Hotel during the time of the data breach, you should use this link provided by Trump Hotels to determine if your hotel was one of the compromised hotels.

https://www.trumphotels.com/uploads/14111/0/trump-sabre-notice-website-letter.pdf

TIPS

If you were affected directly by this data breach, your credit card may be used for fraudulent purposes so you should monitor your credit card statements regularly and often.  This is also a good time to remind you that the laws that protect you from liability for fraudulent credit card use are much stronger than the laws that protect you if your debit card is fraudulently used.  You should not use your debit card for anything other than an ATM card.

Scam of the day – July 15, 2016 – Omni Hotels data breach

Omni Hotels and Resorts just became the latest hotel chain to suffered a massive data breach joining Hyatt, Hotels, Starwood Hotels, Hilton Hotels and Trump Hotels who all suffered similar data breaches in the last year in which credit card and debit card information of their customers was stolen by unknown hackers.  Although the data breach at Omni was just recently discovered, it goes back to December 23, 2015 and was stealing credit card and debit card data from Omni Hotels up until June 14, 2016.  The Omni data breach affected forty-eight of Omni’s sixty hotels in North America.  As often is the case, hackers who steal the credit and debit card data sell it in large batches to other cybercriminals on a part of the Internet called the Dark Web.    The first batches of stolen credit cards and debit card information started turning up on the Dark Web in February of 2016.  The hotel industry continues to be an easy target for hackers as it is an industry that services large numbers of people and often the hotels are individually operated franchises rather than operating under a central data security system.  It should be noted, however, that Omni does not operate franchises.

The primary reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards.  Regulations effective October 1, 2015  mandated credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment.  If smart EMV chip cards had been used at Omni hotels, the card information that was stolen would have been worthless, but since they still used the old fashioned magnetic strip cards, Omni and its customers face financial problems from this data breach.

TIPS

Until credit card issuing companies and brick and mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted  more than a year ago, continue to occur again and again.  As for us, as consumers, the best we can do is to refrain from using our debit cards for anything other than an ATM card because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases.  In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company.  You also should regularly monitor your credit card statements for indications of fraudulent use.

Certainly if you have been an Omni customer since December 23, 2015 you should carefully review your credit and debit card statements for indications of identity theft and fraudulent charges.  If you were affected by this particular data breach, Omni  is offering free credit monitoring services for a year through AllClear ID.  You can sign up for these services by clicking on this link  https://omnihotels.allclearid.com/

Scam of the day – October 14, 2015 – Trump hotels sued regarding data breach

As I last reported to you on October 2nd, the Trump Hotel Collection, which includes hotels in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York just disclosed that its hotels had been hit with a Target-like credit card and debit card data breach that appears to have occurred between May 19, 2014 and June 2, 2015.  Although the Trump Hotel Collection just announced this a couple of weeks ago and much of the media is reporting this as a new story, here at Scamicide, we reported to you about this data breach in our Scam of the day on July 5, 2015.    Now, a lawsuit has been filed in federal court in Missouri seeking class action status on behalf of the affected customers of Trump Hotels.  The lawsuit was filed by the lawfirm Hipskind & McAninch, which alleges that Trump Hotels were negligent in failing to remedy basic data security issues at their hotels, not discovering the data breach until long after it occurred and in failing to notify its customers in a timely fashion which put their customers at extreme risk of identity theft.  As with so many data breaches, it was discovered not by the company hacked, but by credit and debit card processing banks that noticed a pattern of fraudulent use and traced the cards back to the Trump hotels.    The malware used to perform this data breach was installed on computers at Trump hotels front desk terminals as well as as payment card terminals in the hotels’ restaurants and gift shops.  This type of hacking and data breach could have been prevented had the Trump Hotel Collection switched to the modern EMV smart chip credit cards now being required to be used according to credit card regulations that just went to effect yesterday.  Instead the Trump Hotel Collection, as many companies still do, used the old fashioned credit and debit cards with magnetic strips which are so susceptible to hacking.

TIPS

If you are an affected customer and wish to be a part of the lawsuit, you can contact Hipskind & McAninch at info@hm-attorneys.com or by phone at 618-641-9189.  If you used your credit and debit card at one of the affected Trump hotels between May 19, 2014 and June 2, 2015, you should obtain your credit report from each of the three major credit reporting agencies and look for indications of identity theft.  You should also carefully monitor your credit card account and bank accounts for unusual activity.  You should also consider putting a credit freeze on your credit reports, which is always a good idea.  The Trump Hotel Collection is offering free credit monitoring for people who used their cards at their hotels during the time period indicated above although this may be of little value this long after the data breach occurred.  For more information about this offer, call the Trump Hotel Collection at 877-803-8586.  Here also is a link to the statement of the Trump Hotel Collection about this data breach. https://www.trumphotelcollection.com/cc-security-faq

As for the rest of us, there is little that we as credit and debit card users can do to protect ourselves from the security vulnerabilities of the companies with which we do business.  One important thing to do is to refrain from using your debit card except at ATMs.  Using your debit card at retail establishments puts you at a much greater risk of expensive identity theft in the event of a data breach at the company with which you are doing business because of weaker consumer protection laws regarding liability for fraudulent use of your debit card.  Also, if you have not yet received a new EMV smart chip credit card from your credit card company, you should ask your credit card company for a replacement credit card with a computer chip now.

Scam of the day – October 2, 2015 – Update on data breach at Trump hotels

It has just been disclosed by the Trump Hotel Collection, which includes hotels in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York that its hotels had been hit with a Target-like credit card and debit card data breach that appears to have occurred between May 19, 2014 and June 2, 2015.  Although the Trump Hotel Collection is just announcing this now and much of the media is reporting this as a new story, here at Scamicide, we reported to you about this data breach in our Scam of the day on July 5, 2015.  As with so many data breaches, it was discovered not by the company hacked, but by credit and debit card processing banks that noticed a pattern of fraudulent use and traced the cards back to the Trump hotels.    The malware used to perform this data breach was installed on computers at Trump hotels front desk terminals as well as as payment card terminals in the hotels’ restaurants and gift shops.  This type of hacking and data breach could have been prevented had the Trump Hotel Collection switched to the modern EMV smart chip credit cards now being required to be used according to credit card regulations that just went to effect yesterday.  Instead the Trump Hotel Collection, as many companies still do, used the old fashioned credit and debit cards with magnetic strips which are so susceptible to hacking.

TIPS

If you used your credit and debit card at one of the affected Trump hotels between May 19, 2014 and June 2, 2015, you should obtain your credit report from each of the three major credit reporting agencies and look for indications of identity theft.  You should also carefully monitor your credit card account and bank accounts for unusual activity.  You should also consider putting a credit freeze on your credit reports, which is always a good idea.  The Trump Hotel Collection is offering free credit monitoring for people who used their cards at their hotels during the time period indicated above.  For more information about this offer, call them at 877-803-8586.  Here also is a link to the statement of the Trump Hotel Collection about this data breach. https://www.trumphotelcollection.com/cc-security-faq

As for the rest of us, there is little that we as credit and debit card users can do to protect ourselves from the security vulnerabilities of the companies with which we do business.  One important thing to do is to refrain from using your debit card except at ATMs.  Using your debit card at retail establishments puts you at a much greater risk of expensive identity theft in the event of a data breach at the company with which you are doing business because of weaker consumer protection laws regarding liability for fraudulent use of your debit card.  Also, if you have not yet received a new EMV smart chip credit card from your credit card company, you should ask your credit card company for a replacement credit card with a computer chip now.

Scam of the day – July 5, 2015 – Trump hotel chain hacked

Donald Trump seems to be constantly in the news these days.  Whether it is for declaring his candidacy for President of the United States or for making inflammatory comments, Trump is omnipresent in the media.  However, the latest Trump news event is not one with which he must be pleased.  It has just been disclosed that the Trump Hotel Collection, which includes hotels in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York has been hit with a Target-like credit card and debit card data breach that appears to have started at least as far back as February.  As with so many data breaches, it was discovered not by the company hacked but by credit and debit card processing banks that noticed a pattern of fraudulent use and traced the cards back to the Trump hotels.  This type of hacking and data breach is expected to happen again and again as companies still cling to the use of old fashioned credit and debit cards using magnetic strips rather than the more modern smart credit cards with computer chips that create a new one-time authorizing number each time the card is used.

Here is a link to a column I wrote for USA Today in September of 2014 in which I both described how these data breaches occurred and correctly predicted their continuing pattern. http://www.usatoday.com/story/money/personalfinance/2014/09/27/hacking-target-home-depot-credit-card/16221427/

TIPS

There is little that we as credit and debit card users can do to protect ourselves from the security vulnerabilities of the companies with which you do business.  One important thing to do is to refrain from using your debit cards except in ATMs.  Using your debit card at retail establishments puts you at much greater risk of expensive identity theft in the event of a data breach at the company with which you are doing business because of weaker consumer protection laws regarding liability for fraudulent use of your debit card.  Although the deadline for companies being required to install smart credit card readers is months away, you should ask your credit card company for a replacement credit card with a computer chip now.  Some stores, most notably Wall Mart are already using the safer smart chip cards.  Whenever you can use the smart credit card, it is important to do so.