[BreachExchange] Target in $18.5 million multi-state settlement over data breach
Destry Winant
destry at riskbasedsecurity.com
Thu May 25 01:03:15 EDT 2017
https://www.reuters.com/article/us-target-cyber-settlement-idUSKBN18J2GH
Target Corp on Tuesday agreed to pay $18.5 million to settle claims by
47 states and the District of Columbia and resolve a multi-state
investigation into the retailer's massive data breach in late 2013.
The investigation — led by the Attorneys General of Connecticut and
Illinois — found that cyber attackers had accessed Target's gateway
server through credentials stolen from a third-party vendor, New York
Attorney General Eric Schneiderman said in a statement on Tuesday.
In one of the biggest data breaches to hit a U.S. retailer, Target had
reported that hackers stole data from up to 40 million credit and
debit cards of shoppers who had visited its stores during the 2013
holiday season. (reut.rs/2qRRMip)
California will receive more than $1.4 million from the settlement,
the largest share of any state, California Attorney General Xavier
Becerra said.
The costs associated with the settlement are already reflected in the
data breach liability reserves that Target has previously recognized
and disclosed, the company said in a statement.
Target also said the total cost of the data breach had been $202 million.
Target spokeswoman Jenna Reck said the company has so far settled with
financial institutions and states but is yet to finalize a consumer
settlement. "There is a class action settlement that is outstanding.
We have reached an agreement but it hasn't been legally finalized
yet."
As part of the settlement announced on Tuesday, Target is required to
adopt advanced measures to secure customer information such as
employing an executive to oversee a comprehensive information security
program as well as advise its chief executive and board.
The company is also required to hire a independent, qualified third
party to conduct a comprehensive security assessment and encrypt or
otherwise protect card information to make it useless if stolen.
The Minneapolis-based retailer's shares were down 0.6 percent at
$55.13 in afternoon trade.
More information about the BreachExchange
mailing list