Seven of the luxury hotels owned by presidential candidate and real estate impresario Donald Trump were hit with payment info-stealing malware that was active for more than a year, between May 2014 and June 2015.
The compromise affected transactions at the front desk of the hotels, hotel restaurants and gift shops.
“[W]e believe that the malware may have affected payment card data including payment card account number, card expiration date and security code,” the company said in a statement. “The malware may have accessed payment card information in real-time as it was being inputted into our systems.”
The news comes three months after banks said they suspected a hack on the hotel chain.
Trump Hotel Collection also said that an independent forensic investigation has not found any evidence that any customer information was removed from its systems.
“We took steps to contain this incident by removing the malware from our systems,” it said. “In addition, we are continuing to reconfigure various components of our network and payment systems to further secure our payment card processing systems.”
The potential thefts occurred at the Trump SoHo New York, Trump International New York, Trump National Doral in Miami, Trump International Chicago, Trump International Waikiki in Hawaii, Trump International Hotel and Tower Las Vegas and Trump International Toronto.
Trump said it is working with the U.S. Secret Service and the Federal Bureau of Investigation to help “catch these criminals and prosecute them to the full extent of the law.”
Other luxury hotel chains, such as the Mandarin Oriental, have reported data breaches this year.