Hotel operator Hilton will pay $700,000 to settle an investigation into two separate data breaches that exposed more than 350,000 credit card numbers.
The New York attorney general, who conducted an investigation along with his counterpart in Vermont, said Tuesday that one breach began in November 2014 and another in April 2015 but Hilton didn't tell consumers until November 2015.
Continue Reading Below
The state officials say Hilton didn't comply with payment-card security standards.
Hilton spokeswoman Meg Ryan says the company cooperated with law enforcement and took steps to wipe out malware that targeted customers' card information.
Virginia-based Hilton Domestic Operating Company Inc. was previously known as Hilton Worldwide. The company has more than 5,100 properties in about 100 countries under names including Hilton Hotels, DoubleTree by Hilton, Embassy Suites and Hampton by Hilton.