Trump hotels agree to pay $50K in data breach settlement
© Getty Images
New York Attorney General Eric Schneiderman (D) made the announcement Friday, saying the Trump Hotel Collection would also take steps to shore up its data security as part of the agreement.
“It is vital in this digital age that companies take all precautions to ensure that consumer information is protected, and that if a data breach occurs, it is reported promptly to our office, in accordance with state law," Schneiderman said in a statement.
According to the state attorney's office, banks analyzing records for hundreds of fraudulent credit card transactions last year found that the Trump hotel chain was the last legitimate transaction, suggesting the Trump hotels were the victim of a cyberattack.
Investigators confirmed that malware targeting credit card information had affected seven Trump properties, including the Trump SoHo in New York, his National Doral resort in Miami, and Trump International hotels in New York, Chicago, Honolulu, Las Vegas and Toronto, the attorney's office said.
An attacker allegedly infiltrated the hotel chain's payment processing system in May 2014 before deploying the malware across the computer network and credit card system.
The attorney's office said the Trump Hotel Collection knew of the malware at multiple properties as early as June 2015 but didn't notify customers of the breach until four months later.
New York law requires consumers be notified “in the most expedient time possible and without unreasonable delay,” Schneiderman's office said.
Hotel officials received reports of a second data breach this past March. That breach, which occurred in November, affected five Trump properties. The hotel chain alerted customers 11 days after finding out.
The breaches resulted in more than 70,000 credit card numbers and other personal information being exposed, according to officials.
As part of the settlement, hotel officials must take several steps to protect customers' privacy, including annual employee training and implementing additional safeguards.