There’s a very interesting discussion going on in the United States right now about whether President Donald Trump and his family have been in touch with Russian government agents presumably tied to Russian hackers.
While the situation is murky, to say the least, we can say with confidence that Trump has run afoul of hackers in a much more quotidian way. The Trump Hotels line, controlled by the president and his family, has fallen victim to a widespread data breach, which may have compromised everything from guests' names to their full credit-card information.
The Trump Hotels organization issued a statement explaining that the hotels use a third-party reservation system known as Sabre SynXis. Sometime before March 31, hackers attacked Sabre SynXis' systems and cracked them wide open, exposing information pertaining to individuals and companies who had made reservations at fourteen Trump-branded hotels all around the world, as well as at other well-known hotel chains. Guests who stayed in the affected Trump properties between August 2016 and March 2017 are at risk of credit-card fraud.
While Sabre did not reveal exactly how hackers gained access to its information, it a malicious party may have gained login information and used that to steal guest records. The stolen records included guests’ full names and credit-card numbers, expiration dates and security codes, as well as email addresses, phone numbers and home addresses.
The Trump Hotels notification pointed out that Social Security numbers, passports and driver's licenses were "not accessed," so at least you won’t have to change your name and flee the country. Probably.
If you stayed at a Trump Hotel during the dates indicated, your best bet is to keep tabs on your credit-card bills and keep an eye out for suspicious activity. (Or just cancel them outright; most banks will replace credit cards at no cost if there are security concerns.) The Trump Hotels organization also recommends that users obtain a credit report, and report fraud if they see anything untoward.
Because Sabre SynXis handles reservations for a variety of other hotel chains, Trump's properties are not the only ones affected. Hard Rock Hotels last week admitted that its customers were also involved, and Loews Hotels has reportedly been sending its customers breach notifications. In late June, Google warned its own employees that their personal infromation might have been compromised after Google's corporate travel agent, Carlson Wagonlit Travel, revealed that it had been hit by the Sabre SynXis breach.
The Sabre breach was first reported by independent security reporter Brian Krebs back in May, after Sabre mentioned it in a quarterly filing with the Securities and Exchange Commission. Sabre has posted its own information pertaining to the breach, but has not named any client companies that may be involved.
The moral of the story, if there is one, isn't clear. After all, hotel guests can't do much to protect themselves from a data breach at an institutional level. Cheaper hotels might prove a less attractive target, but really, wherever there's a large group of people's names and credit-card information, opportunistic criminals won't be too far behind.
So there you have it: You can now say in good faith that Trump was hacked. It's not the kind of hack that will rock the United States to its core, but who knows: Maybe Russian cybercriminals were behind it after all.