The Trump Hotel Collection (THC) confirmed that malware was used to gain unauthorized access to customer payment card data at seven properties.
The malware was active in the THC system between May 19, 2014, and June 2, 2015, and has been removed, according to a legal notice posted by the hotel chain. Hotels in New York, Chicago, Honolulu, Las Vegas, Toronto, and Miami were affected.
Account numbers, card expiration dates, and security codes may have been compromised for customers at all the affected branches and cardholder names may also be at risk for customers who stayed at the Las Vegas and Honolulu properties, the hotel chain said in the legal notice.
"While the independent forensic investigator did not find evidence that information was taken from the Hotel's systems, it appears that there may have been unauthorized malware access to payment card information as it was inputted into the payment card systems," THC said in the notice.
The company said it will offer one year of complimentary fraud resolution and identity protection services for anyone who used a payment card during the period in which the system was compromised.