Donald J. Trump’s hotel chain agreed to pay a $50,000 penalty and revamp its data security policies after a couple of breaches exposed 70,000 credit card numbers and other personal information of its customers.

Attorney General Eric T. Schneiderman of New York, who announced the settlement on Friday, said in a news release that banks tracing fraudulent card use last year determined that the cards had last been legally used at Trump hotels, indicating the security breach had happened there. Further investigation found malware at several Trump hotels and that an attacker in 2014 had gained unauthorized access to steal sensitive information.