US President Donald Trump’s hotel chain has been hit by its third data breach in as many years.
Card payment data and security codes for reservations were accessed at 14 properties when the central reservation system at Sabre Corp, a third party, was breached.
The attack has affected other travel companies working with Sabre.
In some cases, guests’ names, emails, phone numbers and addresses were also obtained.
The first unauthorised access during the latest breach was recorded on 10 August last year, and the last occurred on 9 March 2017, according to a notice about the breach on the Trump Hotels website
Trump Hotels has not said how many customers were affected.
Two separate breaches have been made public since 2014.
In one, seven Trump hotels were affected by malware targeting payments between May 2014 and June 2015. The other case was reported in 2016.
It was a common criminal tactic to go after smaller third parties when targeting customer data at bigger brands, said security expert Rik Ferguson, at Trend Micro.
“Ultimately, it’s the customers of Trump hotels that have been affected.
“Can you say that Trump’s chain is without reproach?
“Not really, it’s part of your due diligence to ensure that your suppliers are of the same security standard.”
Mr Ferguson added that the stolen data, including personal information on customers, was sensitive and that similar caches were frequently traded in underground communities.
“It really illustrates the importance of learning a lesson from past breaches, which doesn’t seem to be the case here,” he told the BBC.