Supported by
Target to Pay $18.5 Million to 47 States in Security Breach Settlement
Target will pay $18.5 million to 47 states and the District of Columbia as part of a settlement with state attorneys general over a huge security breach that compromised the data of millions of customers.
The settlement ends a yearslong investigation into how hackers obtained names, credit card numbers and other information about tens of millions of people in 2013.
New York will receive $635,000, while California will receive $1.4 million, the largest amount of any state, according to the Eric T. Schneiderman, New York’s attorney general. Dollar figures were determined “largely” based on each state’s population size, his office said.
Wyoming, Wisconsin and Alabama were not included in Tuesday’s announcement. Representatives for the attorneys general in those states did not have an immediate comment or could not be reached.
In a statement, Target said that it was “pleased” to have resolved the issue. Target has spent $202 million on legal fees and other costs since the breach, according to the company’s most recent annual statement.
The investigation, led by attorneys general in Connecticut and Illinois, concluded that attackers had stolen credentials from a third-party vendor that they used to access a customer database. They then installed malware that helped capture other consumer data.
As part of the settlement, Target agreed to tighten its digital security, including maintaining software and encryption programs to safeguard people’s personal information. The retailer will have to separate its cardholder data from the rest of its computer network and pay for an independent assessment of its security measures, according to Tuesday’s announcement.
On Dec. 19, 2013, during the biggest shopping season of the year, Target confirmed that credit and debit card information about 40 million customers had been stolen. Several weeks later, the company said that other information for 70 million people, including email and mailing addresses, had also been exposed.
After an internal review, Target acknowledged that it had missed signs of the data breach. The disaster helped push out the chief executive of Target, Gregg W. Steinhafel, who resigned in May 2014. Target’s current chief executive, Brian C. Cornell, took over in August of that year.
Hackers went on to target other retailers, including Home Depot, in a series of digital attacks aimed at stealing sensitive customer information from millions of consumers around the country.
Explore Our Business Coverage
Dive deeper into the people, issues and trends shaping the world of business.
Landline Pride: Traditional phones may seem like relics in the iPhone era, but a recent AT&T cellular service outage had some landline lovers extolling their virtues.
C.E.O. Dreams: Fresh business school graduates are raising “search funds” from willing investors to buy companies they can lead.
Nelson Peltz Wants Respect: The longtime corporate agitator feels misunderstood. Maybe his fight with Disney could change that.
The Palm Oil Supply Chain: An E.U. ban on imports linked to deforestation has been hailed as a “gold standard” in climate policy. Southeast Asian countries say it threatens livelihoods.
Tough Times Ahead: As the prices for office space in urban centers tumble, cities whose municipal budgets rely on taxes associated with commercial real estate are starting to bear the brunt.
Going Solo: In Taiwan, the government is racing to do what no country or even company has been able to: build an alternative to Starlink, the satellite internet service operated by Elon Musk’s rocket company, SpaceX.
Advertisement