Remember that big data breach at Target stores across the country back in 2013? It compromised “tens of millions of customers’ credit and debit card information.” Now, years later, Target Corp. has agreed to pay “$18.5 million to 47 states, including California, and the District of Columbia” as part of a settlement over the data breach. The only states not included in the settlement are Alabama, Wisconsin, and Wyoming.
Remember that big data breach at Target stores across the country back in 2013? It compromised “tens of millions of customers’ credit and debit card information.” Now, years later, Target Corp. has agreed to pay “$18.5 million to 47 states, including California, and the District of Columbia” as part of a settlement over the data breach. The only states not included in the settlement are Alabama, Wisconsin, and Wyoming.
Of the settlement, California “will receive more than $1.4 million… the largest amount of any state,” according to California Atty. Gen. Xavier Becerra. According to Becerra’s office, the funds will be used for boosting and “enforcing consumer protection laws.” In a statement released shortly after the settlement was announced, Becerra said:
“Families should be able to shop without worrying that their financial information is going to get stolen, and Target failed to provide this security. This should send a strong message to other companies: You are responsible for protecting your customers’ personal information.”
Under the terms of the settlement, Target Corp. will also be required to undergo some changes. For example, the popular retailer will have to “employ an executive to manage a comprehensive information security program and advise the company’s chief executive and its board of directors.” Additionally, according to a statement from the New York attorney general’s office, the company will have to “hire an independent third party to do a comprehensive security assessment.” The company will also have to implement a number of other cybersecurity measures, “including encrypting payment card information so the data are useless if stolen, separating its cardholder data from the rest of its computer network and instituting password rotation policies and two-factor authentication for certain accounts.”
In response to the settlement and the required changes the company will have to undergo, Target said it was “pleased to bring this issue to a resolution for everyone involved,” and added that the “costs associated with this settlement were already reflected in the data breach liability reserves that Target has previously recognized and disclosed.”
Unfortunately for Target Corp, the company is still recovering from the effects of the 2013 data breach and has even seen the “resignation of longtime Target CEO Gregg Steinhafel.” Company sales and profits were also affected by the breach, and the retailer has been busy settling other “lawsuits related to the breach, including one from credit card company Visa Inc.” A class-action lawsuit worth $10 million that was “brought by consumers is still going through the court system, though it received approval from a federal judge in 2015.”
Sources:
Target will pay $18.5 million in settlement with states over 2013 data breach
Join the conversation!