Skip to main content
close search
site logo

Target to Pay States $18.5M Over Data Breach

Published May 23, 2017
By Matthew Heller

Taking another step to put a massive data breach in 2013 behind it, Target has agreed to pay $18.5 million to 47 states and the District of Columbia.

The settlement resolves the states’ investigation into the breach, which affected more than 41 million customer payment card accounts and exposed contact information for more than 60 million customers. Only Alabama, Wisconsin and Wyoming are not part of the largest ever multistate data breach settlement.

Target also agreed to employ an executive to manage a “comprehensive information security program” as well as advise its chief executive and board.

California will receive $1.4 million from the settlement, the most of any state. “Families should be able to shop without worrying that their financial information is going to get stolen, and Target failed to provide this security,” California Attorney General Xavier Becerra said in a news release.

“This should send a strong message to other companies: You are responsible for protecting your customers’ personal information,” he added.

The states’ investigation found that in November of 2013, hackers accessed Target’s gateway server through credentials stolen from a third-party vendor and then exploited flaws in its computer system to install malware that captured consumer data, including full names, telephone numbers, email and mailing addresses, payment card numbers, expiration dates, security codes, and encrypted debit PINs.

Target said it was “pleased to bring this issue to a resolution for everyone involved,” adding that the costs associated with the settlement were “already reflected in the data breach liability reserves that Target has previously recognized and disclosed.”

The retailer has estimated the total cost of the breach at $202 million. In other settlements, it paid up to $67 million to Visa, $19 million to Mastercard, and $39 million to financial institutions. A proposed $10 million settlement of a consumer class action is awaiting court approval.

The latest settlement also requires Target to separate its cardholder data from the rest of its computer network and take steps to control access to the network, including implementing password rotation policies and two-factor authentication for certain accounts.

Editors' pick

  • Calendar
    Image attribution tooltip
    Misha Shutkevych via Getty Images
    Image attribution tooltip
    Tracker

    CFO Annual Conferences and Events Tracker

    CFO’s annual conference and events calendar tracker ensures finance executives know about the most essential in-person events.

    By CFO Editorial Team • July 28, 2023

Company Announcements

View all | Post a press release
FD Capital Announces the Launch of their Professional Services Team
From FD Capital
September 11, 2023
Emagia Introduces GiaGPT: A Groundbreaking Generative AI Solution for Finance Operations
From Emagia
September 08, 2023

Want to share a company announcement with your peers?

Get started

Read next
  • Calendar
    Image attribution tooltip
    Misha Shutkevych via Getty Images
    Image attribution tooltip
    Tracker

    CFO Annual Conferences and Events Tracker

    CFO’s annual conference and events calendar tracker ensures finance executives know about the most essential in-person events.

    By CFO Editorial Team • July 28, 2023
Latest in Regulation & Compliance
image/svg+xml
Industry Dive is an Informa business
© 2023 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell