Trump Hotels Hit with Data Breach Lawsuit

Chicago, ILWhile Donald Trump continues to stump across America in his bid for the US Republican nomination (and is scheduled to serve as host of Saturday Night Live next month), the hotel chain that bears his name is facing a data breach class action after systems were hacked in two hotels in New York and other locations in Chicago, Miami, Las Vegas, Waikiki and Toronto.

According to the proposed data breach lawsuit, malware - since removed - was found in the Trump Hotel Collection’s systems. Customers of the Trump Hotel Collection (THC) who might have used their credit cards at the above-noted locations between May 19, 2014 and June 2 of this year may have been hacked. While there is no record or sense that information was actually removed from the THC database, the information was found to have been accessed nonetheless, resulting in a data breach.

According to the data breach lawsuit, “the root cause of the data breach was defendants’ failure to fix elementary deficiencies in their security systems, abide by industry regulations and respond to other similar data breaches directed at retailers…Had defendants acted competently, criminals would have been unable to access the [personal identifying information],” the lawsuit contends.

The data breach class action also claims that illicit websites are now selling the stolen data to international counterfeiters. In particular, the data breached included card numbers, expiration dates and security codes. In a statement, THC noted that customers who paid by card at locations in Las Vegas and Waikiki may have also had their names exposed to the hackers.

It has not been determined when the data breach was discovered, but according to sources, the THC immediately notified the Federal Bureau of Investigation (FBI) as well as banks and other authorities and hired an outside investigator. THC also said it would offer a year’s worth of credit monitoring for any customer who may have been affected by the data breach.

That’s not good enough for potential plaintiffs, who allege violations of Illinois state consumer protection laws and data breach notification statutes, negligence, breach of contract and unjust enrichment. The data breach lawsuit seeks unspecified damages. The suit also alleges that THC failed to disclose the breach or notify the plaintiffs in a timely manner, preventing them from protecting themselves and their identities. The proposed class-action lawsuit has the potential to represent thousands of plaintiffs.

Data breaches have become an increasing problem in recent years, as more consumer transactions are logged online. Consumers trust vendors and retailers to maintain secure sites with proper encrypting and firewalls. And yet, in many cases hackers keep one step ahead of the latest online security protocols. In other cases, various retailers and corporations have been found to maintain platforms and security protocols that are lacking and outdated.

Little wonder that data breach lawsuits are on the rise.

The case is John Driscoll et al. v. Trump International Hotels Management LLC et al., case number 3:15-cv-01089, in the US District Court for the Southern District of Illinois.