Dive Brief:
- Trump International Hotels Management LLC will pay New York state $50,000 over data breaches that occurred in May 2015, according to a Reuters report.
- New York Attorney General Eric Schneiderman announced the settlement on Friday. Schneiderman said an investigation turned up malware in computer systems at the company's hotels in New York, Las Vegas and Chicago. Trump Hotels reported another breach in March 2016. The settlement also requires Trump Hotels to improve its data security policies.
- The data breach in 2015 reportedly exposed 70,000 credit card numbers and other personal information. Trump Hotels then broke New York law by not letting its customers know about the breach as soon as possible, instead waiting four months to provide notice.
Dive Insight:
States and the federal government are more frequently holding businesses accountable for data breaches that impact customers.
The Federal Trade Commission in particular has come down hard on businesses that practice poor data security. Earlier this month, FTC Chair Edith Ramirez put companies on notice that the agency expects them to play a role in protecting their customers from ransomware. "A company's unreasonable failure to patch vulnerabilities known to be exploited by ransomware might very well violate the FTC Act," said Ramirez.
The fine levied against the hotel chain serve as an penalty for the company not moving to act sooner to secure its systems and notify customers.
The hospitality industry has been hit hard by card breaches over the past two years. In November, Starwood Hotels & Resorts Worldwide reported that payment systems at 54 of its hotels in North America had been infected with malware. Around the same time, Hilton Worldwide Holdings also revealed that it was investigating possible cyberattacks.