According to news reports, guests at 14 Trump properties across the USA and parts of Canada have had their credit card information exposed for the third time in as many years. A letter posted on the Trump Hotels corporate website explained that the hackers broke into Sabre Hospitality Solutions, a reservation service used by Trump Hotels, and stole data between August 2016 and March 2017. Lisa Baergen, Director at award-winning passive biometrics and behavioural analytics company, NuData Security commented below.
Lisa Baergen, Director at NuData Security:
“The full scope of the Sabre breach is still not yet known, and perhaps might never be fully known given the global reach of the Sabre reservations network. What is known, however, is that more and more hospitality chains are now announcing that customers have been impacted and the breach of their consumers’ personal financial information is damaging to both the customers and to the brands they’ve come to trust.
“Whenever personally identifiable information (PII) is compromised by a third-party provider, such as Sabre, the looted consumer data can be made available to be cross-correlated with details from a plethora of other breaches and social platforms to create comprehensive digital identities. These full packages of identity information are more valuable to hackers, rendering the potential victims susceptible to fraud, identity theft, account takeovers. And for the brands themselves, likely that these impacted consumers will be potentially less loyal to their brands of choice.
“Every organisation entrusted with PII – both the direct-to-consumer providers such as the hospitality chains and the third parties such as Sabre – should constantly be testing and hardening their defences, and embracing more proactive and effective levels of security such as consumer behaviour analytics solutions to help prevent identity thefts. These sorts of breaches are now just too widespread to justify continued faith in legacy approaches, and too much consumer data is now ‘in the wild’ to protect consumers with outdated technology.
“Consumers need to accept it isn’t a matter of if they will be impacted anymore with the widespread proliferation of breaches; but when. Organisations charged to protect this data need to be more judicious and find a multilayered solution that better balances customer experience and security. Old point solutions, simple second factor approaches or putting up walls no longer suffice.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.