NEW YORK — Trump Hotel Collection agreed to pay $50,000 in fines and strengthen security measures after data breaches exposed more than 70,000 credit-card numbers and other personal information, New York Attorney General Eric Schneiderman said Friday.

Banks analyzing hundreds of fraudulent credit-card transactions in May 2015 tracked the last legitimate ones to Trump hotels, suggesting the chain was the target of a cyberattack, Schneiderman said in a statement. A preliminary probe revealed malware targeting credit cards existed at multiple locations, including the computer networks associated with hotels in Chicago, New York and Las Vegas.

Further investigation showed that an attacker infiltrated the chain’s payment system in May 2014 by accessing an administrative account using legitimate credentials, and then deployed the malware, Schneiderman said. The chain knew as early as June 2015 that malware had permeated multiple properties but didn’t tell its customers until four months later, which is a violation of New York law, the attorney general said.

Another breach occurred in November 2015 when an attacker installed malware on 39 systems affecting five properties.