Target to Pay $18.5 Million to States in Data Breach Settlement

The agreement is the largest multistate data-breach settlement reached to date, according to the New York attorney general’s office.

(TNS) -- Target has agreed to pay $18.5 million to resolve investigations being conducted by 47 states and the District of Columbia stemming from the retailer’s 2013 data breach. In that incident, hackers compromised 41 million credit and debit card accounts and may have obtained the personal information of more than 60 million customers.

California expects to receive more than $1.4 million from the total settlement, the most of any state, the California attorney general’s office said Tuesday. An estimated 7.76 million Californians were affected by the breach, which occurred during the 2013 holiday shopping season.

The agreement is the largest multistate data-breach settlement reached to date, according to the New York attorney general’s office.

None of the funds are going to affected shoppers, who may have been able to seek recompense through other means. Target is still trying to hash out a $10 million settlement in a consumer class-action lawsuit connected to the breach. The retailer paid out $39.4 million in 2015 to banks and credit unions who said they lost money and were put at risk as a result of the breach. That settlement followed a $67 million deal Target struck with Visa card issuers that year.

The terms of the settlement also require Target to implement and maintain a “comprehensive information security program” that will encrypt and secure customer data. The retailer must hire an executive to oversee the execution of that program and advise the company’s CEO and board of directors. Target must also hire an independent firm to conduct a comprehensive assessment of the company’s data security.

“This should send a strong message to other companies: You are responsible for protecting your customers’ personal information. Not just sometimes — always,” said California Attorney General Xavier Becerra in a statement announcing the settlement.

“We’ve been working closely with state attorneys general for several years to address claims related to Target’s 2013 data breach,” said Target spokeswoman Jenna Reck in an email. “We are pleased to bring this issue to a resolution for everyone involved.”

Hackers breached a system known as a gateway server using credentials stolen from a third-party vendor, exposing the customer and card data. The breach compromised a customer service database, exposing customers’ full names, telephone numbers, email and mailing addresses, credit card numbers and encrypted personal identification numbers for debit cards, among other data.

The fallout from the breach contributed to the ouster of Gregg Steinhafel as CEO in 2014. He was replaced by Brian Cornell, a former PepsiCo executive.

©2017 the San Francisco Chronicle. Distributed by Tribune Content Agency, LLC


Special Projects
Sponsored Articles
  • Sponsored
    How state and local government transportation and transit agencies can enable digital transformation in six key areas to improve traveler experience.
  • Sponsored
    The latest 2020 State CIO Survey by NASCIO reveals that CIOs are doubling down on digital government services, cloud, budget control and fiscal management, and data management and analytics among their top priorities.
  • Sponsored
    Plagiarism can cause challenges in all sectors of society, including government organizations. To combat plagiarism in government documents such as grants, reports, reviews and legal documents, government organizations will find iThenticate to be an effective yet easy-to-use tool in their arsenal.
  • Sponsored
    The US commercial sector, which includes public street illumination, used 141 billion kilowatt-hours of electricity for lighting in 2019. At the national average cost of 11.07 cents per kilowatt-hour, this usage equates to a national street energy cost of $15.6 billion a year.