The credit card information of some Trump Waikiki Hotel customers was exposed after a breach of hospitality reservations booking service Sabre SynXis Central Reservations. Sabre is used by Trump International, Four Seasons, Hard Rock, Loews, and is used to manage bookings at thousands of other hotel sites.
The breach affected customers staying in Trump Hotels at 14 sites around the world, including Trump Waikiki, from August 2016 to March 2017. Customer names, addresses, payment card numbers, expiration dates, and possibly card security codes were exposed because of the Sabre breach, but, according to the statement, the Trump Hotel systems themselves were never compromised.
In a statement, Four Seasons Hotels and Resorts say “an unauthorized party gained access to account credentials that permitted unauthorized access to certain unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through Sabre’s system.” The announcements did not indicate if any of the company’s four Hawaii sites were affected.
Trump Hotels have been involved in several payment card and customer data breaches in the past, and in 2016 they were fined for failing to notify customers in a timely manner when 70,000 credit card numbers and hundreds of social security card numbers were exposed.
Four Seasons, NOTICE OF SABRE DATA SECURITY INCIDENT IMPACTING GUEST PAYMENT CARD INFORMATION (pdf)
Trump Hotels, NOTICE REGARDING GUEST PAYMENT CARD INFORMATION (pdf)