New York Attorney General Eric Schneiderman said the fine was imposed because Trump Hotel Collection left it nearly four months before notifying affected card users.
The data breaches affected more than 70,000 credit card numbers and other personal data.
“It is vital in this digital age that companies take all precautions to ensure that consumer information is protected, and that if a data breach occurs, it is reported promptly to our office, in accordance with state law,” said Schneiderman.
“Consumers’ personal information is all too often exposed to wrong-doers with ill-intent. We will continue working to help protect hardworking New Yorkers from all forms of identity theft.”
Investigators found Trump Hotels was the ‘common point of purchase’ for affected cards after a malware attack on its payment processing system in 2014.
A second breach occurred earlier this year at several Trump properties in the US.
The settlement requires Trump Hotels to take measures including conducting annual employee training in data protection, regular software security testing and to ensure contracted service providers implement and maintain necessary safeguards.