Hardware Retailing The Industry's Source for Insights and Information
Target will pay $18.5 million to states throughout the U.S. as part of settling lawsuits connected with a 2013 data breach that exposed 60 million customers’ personal information.
The May 23 settlement is one of the largest ever reached in a data breach case and “sets new industry standards for safeguarding customer information,” USA Today reports.
Previously, Target had also agreed to settlements with consumers and financial institutions. To settle a consumer class-action suit, Target agreed in March 2015 to pay $10 million, but courts haven’t approved that settlement yet, according to the Star Tribune newspaper, which is located in Minneapolis, where Target is headquartered.
Target’s settlement with banks and credit unions was for $39 million.
As part of the May 23 agreement, Target will pay the attorney general offices of 47 states and the District of Columbia and strengthen its digital security measures.
The settlement, when paid, “shall release and discharge TARGET from all civil claims that the Attorneys General could have brought under the Consumer Protection Acts, the Personal Information Protection Acts, and the Security Breach Notification Acts based on TARGET’s conduct related to the Intrusion,” according to court records.
States will use the $18.5 million to cover legal fees and costs related to investigating the security breach. They can also contribute to consumer protection law enforcement funds and promote consumer education, the court records say.
In the agreement with the states, Target has committed to deploying software and encryption programs to protect customers’ personal information within 180 days and take steps to control access to its network, the court documents say.
“Companies across sectors should be taking their data security policies and procedures seriously. Not doing so potentially exposes sensitive client and consumer information to hackers. I’m glad that, through this settlement, we are assuring that Target improves its data protections,” Connecticut Attorney General George Jepsen, who led the investigation with Illinois Attorney General Lisa Madigan, says in a statement.
Investigators determined that cyberattackers “gained access to Target’s servers via credentials stolen from a third-party vendor” in 2013, USA Today reports. The hackers were able to collect personal information through Target’s customer service database, according to USA Today’s reporting.
