The massive breach saw hackers break into the Sabre's SynXis Central Reservation system (CRS), used by Trump Hotels and about 500 other companies for centralised guest bookings. The hacker's access to the Trump Hotels guess information spanned from August 10, 2016 to March 9, 2017.
Guests at 14 Trump properties, including hotels in New York City, Washington D.C., Las Vegas, Chicago, Rio De Janeiro and Vancouver were affected in the breach.
The InterContinental hotel group said malware searched for track data - cardholder name, card number, expiration date and internal verification code - and read from the magnetic stripe of a payment card as it was being routed through the affected hotel server.
The hotel says it apologizes for the inconvenience and urges anyone who made reservations during those times to monitor their accounts for unauthorized activity and contact law enforcement if necessary.
Sabre previously issued a statement saying it has "notified and been working with certain customers and partners that use or interact with Sabre Hospitality Solutions' (SHS) SynXis Central Reservations system (SHS reservation system) about our previously disclosed incident of unauthorized access".
Trump Hotels, which claims "the privacy and protection of our guests' information is a matter we take very seriously", said (pdf) Sabre notified it about the breach on June 5. The Trump Hotels line, controlled by the president and his family, has fallen victim to a widespread data breach, which may have compromised everything from guests' names to their full credit-card information.
In March 2016, the attacker targeted a legacy payment system including the personal data of Trump hotel property owners and social security numbers of over 300 people. This was the third involving the hotel chain since May 2015. "This incident occurred on the systems of Sabre Hospitality Solutions (Sabre), a service provider used by Trump Hotels".
Reports of the breach of systems belonging to reservations systems provider Sabre first began circulating in May. That year, the company was fined $50,000 for waiting months to notify customers after realizing their credit cards had been compromised. More details on the breach can be found here. The hotel confirmed that they were not hacked themselves.