The Trump Hotel Collection has disclosed a data breach that may have compromised customers' debit and credit card data for more than a year. The breach was caused by malware lurking in the hotel's payment system.

Affected hotels include Trump SoHo New York, Trump National Doral, Trump International New York, Trump International Chicago, Trump International Waikiki, Trump International Hotel & Tower Las Vegas, and Trump International Toronto, the company said in a disclosure on its website Thursday.

An investigation has turned up evidence that unauthorized malware was scooping up payment card information as it was entered into the hotel's payment card system between May 19, 2014, and June 2, 2015. Visitors to Trump Hotels during that time may have had their card data — including card account numbers, expiration dates, and security codes — stolen. The breach may also have affected transactions on the point-of-sale terminals at the Las Vegas and Waikiki properties, the company said.

According to the company's disclosure, the investigation has not conclusively determined that any particular customer's payment card information was taken from the company's payment card system or misused.

The Trump Hotel Collection said it has notified the FBI and financial institutions about the incident, and it has removed the malware. It is in the process of reconfiguring various components of its network and payment systems to further secure its payment card processing systems.

The hotel company recommended that customers check their statements for signs of fraud and offered a year of complimentary fraud resolution and identity protection services to customers who used a card at a Trump hotel during the data breach.