Target is set to pay $18.5 million to end a lawsuit involving 47 states stemming from its 2013 breach of shoppers’ credit card and personal data.
Attorney Generals from multiple states, including Xavier Becerra of California, which will be receiving $1.4 million in from the settlement, said the deal also includes requirements for Target to adopt more advanced security measures.
These measures include Target hiring an executive to oversee a comprehensive information security program” who will also advise the company’s chief executive officer Brian Cornell and its board of directors. The company also will be required to separate data on its shoppers’ credit cards to a platform outside the rest of its computer network.
“This should send a strong message to other companies: You are responsible for protecting your customers’ personal information,” Becerra said of the settlement terms. “Not just sometimes — always.”
Illinois Attorney General Lisa Madigan said the settlement is the largest multistate data breach settlement to date and that the deal “establishes industry standards” for all companies that store information about their customers.
A representative of Target could not be reached immediately for comment.
The only U.S. states not involved in the settlement are Alabama, Wisconsin and Wyoming.
The breach at issue occurred in late 2013 and saw more than 41 million payment card accounts exposed, as well as the contact information of more than 60 million customers, through a cyber hack.
A subsequent investigation into the breach carried out by the states showed hackers gained access to Target’s gateway through server credentials stolen from a third-party vendor, that were then used to install malware that allowed the capture of customer names, phone numbers and e-mail addresses, as well as full payment card information.
For More, See: