Trump Hotels: When to Tell Customers Their Data Has Been Breached

There's no doubt that 2016's presidential election has been a contentious race, embroiled in bitter accusations and contested statements. The election has been more spectacle than it has educational, the first debate was no different.

One of the topics moderator Lester Holt brought to the debate was a question on cybersecurity. Though to be fair, while neither candidate gave a steadfast and clear answer as to how their administrations would combat state−sponsored cyber attacks, Trump himself (and the DNC) have had their electronic information breached before. For the DNC, it ended with the resignation of Debbie Wasserman Schultz. For Trump, the cyber breach ended with customer data being stolen. If Trump's hotel guests should discover that their credit and debit card numbers have been stolen, will Trump's cybersecurity insurance pay for the damages, or will restitution come out of his own pocket?

Trump's "Cyber Wall" is Not So Effective
News of the Trump Co. data breach first hit newsstands back in April, with Donald Trump's son Eric explaining that "like virtually every other company these days, we are routinely targeted by cyber terrorists whose only focus is to inflict harm on great American businesses. [Trump Co.] is committed to safeguarding all guests' personal information and will continue to do so vigilantly." Despite the promise delivered in this prepared statement, it turns out that Trump Co. did not act vigilantly, and they did not do everything they could to protect their customers.

According to The Huffington Post, seven of Trump's hotels were given cybersecurity advice on how to better protect their customers' private data. The advice was not followed. In September, Trump's hotel company agreed to pay a $50,000 settlement for the breach and to update is cybersecurity system. This only happened after it was learned that Trump's hotel company did not notify its customers that a cybercriminal had infiltrated the Trump hotel network and stole private information and credit card numbers.

Protecting Sensitive Customer Data
When a business tries to save face before saving its customers, its reputation gets hit. Why would someone trust your business again if you did nothing to protect them? Over the course of two years, Trump hotels were targeted and successfully accessed by outside hackers who stole more than 70,000 credit card numbers. The first attack took place in May 2014, but it wouldn't be until September 2015 that any of Trump's customers would be notified. It wouldn't be until April 2016 (and it seems only after the media learned of the hacking incident) that Trump Co. updated their cybersecurity measures.  

Because Trump Co. broke New York state laws in not sharing news of the cyber breach with its customers, Trump was forced to pay the fifty grand himself. Had Trump taken proper protocol, including informing his customers of the breach, resetting passcodes and getting a cybersecurity team to patch up Trump Co.'s weak network, a cybersecurity insurance policy could have compensated the vulnerable customers. As Trump did not follow protocol and instead chose to hide the breach, his company suffered a bigger financial loss than would have happened if they had taken the correct approach.

Don't give the public an opportunity to besmirch your business acumen. Practice honest business and be transparent. To learn more about cybersecurity insurance and how it can serve your company, visit CyberPolicy.

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375