Trump Hotels to pay New York $50,000 over data breaches

Chris Dolmetsch
Bloomberg

Donald Trump’s hotel chain, Trump Hotel Collection, agreed to pay $50,000 in fines and strengthen security measures after data breaches exposed more than 70,000 credit-card numbers and other personal information, New York Attorney General Eric Schneiderman said Friday.

Banks analyzing hundreds of fraudulent credit-card transactions in May 2015 tracked the last legitimate ones to Trump hotels, suggesting the chain was the target of a cyber attack, Schneiderman said in a statement. A preliminary probe revealed malware targeting credit cards existed at multiple locations, including the computer networks associated with hotels in Chicago, New York and Las Vegas.

Further investigation showed that an attacker infiltrated the chain’s payment system in May 2014 by accessing an administrative account using legitimate credentials, and then deployed the malware, Schneiderman said. The chain knew as early as June 2015 that malware had permeated multiple properties but didn’t tell its customers until four months later, which is a violation of New York law, the attorney general said.

Another breach occurred in November 2015 when an attacker installed malware on 39 systems affecting five properties, including the Trump SoHo New York, Schneiderman said. Then, in March, an attacker infiltrated a payment system for the Trump International Hotel & Tower New York that had personal information of more than 300 property owners, including social-security numbers. The attackers have not been identified.

The hotel chain, started by the Republican presidential nominee in 2007, features 15 properties worldwide including the redeveloped, historic Old Post Office building in Washington, D.C., which opened earlier this week, according to its website. Trump runs the business with his three children.

“Unfortunately, cyber criminals seeking consumer data have recently infiltrated the systems of many organizations including almost every major hotel company,” according to a statement from the hotel chain. “Safeguarding our customers’ data is a top priority for the company, and we will continue taking actions to do so.”

To contact the reporter on this story: Chris Dolmetsch in New York State Supreme Court in Manhattan at cdolmetsch@bloomberg.net. To contact the editors responsible for this story: Joe Schneider at jschneider5@bloomberg.net, Sophia Pearson, Andrew Martin

2016 Bloomberg L.P.