Donald Trump's hotel group investigating credit card data breach

Breach at hotels group owned by US presidential candidate Donald Trump may have first occurred six months ago

Trump Hotel Collection, the group of luxury resorts owned by high profile American business empire proprietor and US presidential candidate Donald Trump, is investigating a potential data breach of credit card details.

According to security blogger Brian Krebs, the Trump hotel group has been dealing with a data breach which appears to go back at least six months to February 2015.

It's believed that Trump hotel resorts in New York, Miami, Chicago, Las Vegas, and Honolulu have all suffered cyber security breaches in that time.

Hotels and retailers are regularly targeted by cyber criminals, with Hard Rock Hotel another recently revealed to be a victim of a credit card breach.

Trump Hotel Collection hasn't confirmed that it has been the victim of a security breach by cyber criminals, but Eric Trump, executive vice president of development and acquisitions - and Donald Trump's son - admitted that an investigation is underway.

"Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties," he said in a statement.

"We are committed to safeguarding all guests' personal information and will continue to do so vigilantly," Trump added.

Given how multiple branches of the Trump Hotel Collection have seemingly been victims of a security breach, Ken Westin, senior security analyst at Tripwire, believes the attack has been carried out by sophisticated cyber criminals.

"Much like many of the other breaches we have seen targeting the retail and hospitality sector, this is not an attack that targeted a single hotel or store. Instead this was the result of a larger more sophisticated and orchestrated attack," he said.

Westin suggested that a vulnerability in backend systems or applications - potentially ignored in order to save costs - could have provided a weak point for cyber criminals to make off with stolen data.

"When a larger group of organisations appears to be involved it usually indicates that the breach took advantage of shared network resources or applications," he said.

"Many organisations share backend systems and payment gateways to reduce cost and increase operational efficiency, and the data on these shared systems are very high value targets for attackers," Westin concluded.

Trump Hotel Collection has a difficult task ahead in determining who is responsible for the data breach.

Speaking recently, security expert Brucie Schneier warned it's impossible for organisations tell whether they're being targeted by a nation state for political means or just a couple of "guys in a basement" doing it because they can.