Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Target in $18.5 million multistate settlement over data breach

Reprints
Target in $18.5 million multistate settlement over data breach

(Reuters) — Target Corp. on Tuesday agreed to pay $18.5 million to settle claims by 47 states and the District of Columbia and resolve a multistate investigation into the retailer's massive data breach in late 2013.

The investigation — led by the attorneys general of Connecticut and Illinois — found that cyber attackers had accessed Target's gateway server through credentials stolen from a third-party vendor, New York Attorney General Eric Schneiderman said in a statement on Tuesday.

In one of the biggest data breaches to hit a U.S. retailer, Target had reported that hackers stole data from up to 40 million credit and debit cards of shoppers who had visited its stores during the 2013 holiday season.

California will receive more than $1.4 million from the settlement, the largest share of any state, California Attorney General Xavier Becerra said.

The costs associated with the settlement are already reflected in the data breach liability reserves that Target has previously recognized and disclosed, the company said in a statement.

Target also said the total cost of the data breach had been $202 million.

Target spokeswoman Jenna Reck said the company has so far settled with financial institutions and states but has yet to finalize a consumer settlement. "There is a class action settlement that is outstanding. We have reached an agreement but it hasn't been legally finalized yet," she said.

As part of the settlement announced on Tuesday, Target is required to adopt advanced measures to secure customer information such as employing an executive to oversee a comprehensive information security program as well as advise its chief executive and board.

The company is also required to hire an independent, qualified third party to conduct a comprehensive security assessment and encrypt or otherwise protect card information to make it useless if stolen.

The Minneapolis-based retailer's shares were down 0.6% at $55.13 in afternoon trade.

Read Next

  • Minnesota court to hear all Target data breach cases

    (Reuters) — The U.S. Judicial Panel on Multidistrict Litigation ordered that the many lawsuits that accuse Target Corp. of failing to protect customers from a data breach will be consolidated in the retailer's home state Minnesota.