The Trump Hotel Collection has agreed to pay $50,000 and improve its data security after data breaches exposed more than 70,000 credit card numbers and other personal information.
“It is vital in this digital age that companies take all precautions to ensure that consumer information is protected, and that if a data breach occurs, it is reported promptly to our office, in accordance with state law," New York Attorney General Eric Schneiderman said Friday.
In May 2015, bank analysis of hundreds of fraudulent credit card transactions determined that THC, the company led by the Republican presidential nominee Donald Trump and three of his children, was the last merchant where a legitimate transaction took place.
By June 10, 2015, an investigation found malware at THC locations, including in the computer networks at New York, Las Vegas, and Chicago hotels.
Despite knowing as early as June 2015 that computer networks had been breached, THC didn’t notify its customers until September 25, 2015, when it put a notice on its website. This delay violated New York laws, Schneiderman said.
On March 30, 2016, THC received reports from its payment processors about a second breach. Another investigation found an attacker gained unauthorized access on November 10, 2015. The attacker installed credit card harvesting malware on 39 systems affecting five hotel properties including Trump SoHo New York. THC provided consumer notification to these affected individuals on June 10, 2016.