Trump Hotels Hit with Data Breach Lawsuit

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.lawyersandsettlements.com/articles/data-breach/donald-trump-hotel-collection-thc-21021.html#.Vje51fmrS00

While Donald Trump continues to stump across America in his bid for the US
Republican nomination (and is scheduled to serve as host of Saturday Night
Live next month), the hotel chain that bears his name is facing a data
breach class action after systems were hacked in two hotels in New York and
other locations in Chicago, Miami, Las Vegas, Waikiki and Toronto.

According to the proposed data breach lawsuit, malware - since removed -
was found in the Trump Hotel Collection’s systems. Customers of the Trump
Hotel Collection (THC) who might have used their credit cards at the
above-noted locations between May 19, 2014 and June 2 of this year may have
been hacked. While there is no record or sense that information was
actually removed from the THC database, the information was found to have
been accessed nonetheless, resulting in a data breach.

According to the data breach lawsuit, “the root cause of the data breach
was defendants’ failure to fix elementary deficiencies in their security
systems, abide by industry regulations and respond to other similar data
breaches directed at retailers…Had defendants acted competently, criminals
would have been unable to access the [personal identifying information],”
the lawsuit contends.

The data breach class action also claims that illicit websites are now
selling the stolen data to international counterfeiters. In particular, the
data breached included card numbers, expiration dates and security codes.
In a statement, THC noted that customers who paid by card at locations in
Las Vegas and Waikiki may have also had their names exposed to the hackers.

It has not been determined when the data breach was discovered, but
according to sources, the THC immediately notified the Federal Bureau of
Investigation (FBI) as well as banks and other authorities and hired an
outside investigator. THC also said it would offer a year’s worth of credit
monitoring for any customer who may have been affected by the data breach.
That’s not good enough for potential plaintiffs, who allege violations of
Illinois state consumer protection laws and data breach notification
statutes, negligence, breach of contract and unjust enrichment. The data
breach lawsuit seeks unspecified damages. The suit also alleges that THC
failed to disclose the breach or notify the plaintiffs in a timely manner,
preventing them from protecting themselves and their identities. The
proposed class-action lawsuit has the potential to represent thousands of
plaintiffs.

Data breaches have become an increasing problem in recent years, as more
consumer transactions are logged online. Consumers trust vendors and
retailers to maintain secure sites with proper encrypting and firewalls.
And yet, in many cases hackers keep one step ahead of the latest online
security protocols. In other cases, various retailers and corporations have
been found to maintain platforms and security protocols that are lacking
and outdated.

Little wonder that data breach lawsuits are on the rise.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!