Target Settles 47-State Case Over 2013 Data Breach
Target Corp. has agreed to pay $18.5 million to settle one of the last cases concerning a data breach that took place during the 2013 holidays, the Star Tribune of Minneapolis has reported.
Covering 47 states, the agreement marks the biggest multistate data breach settlement ever, reached with the attorneys general’s offices in each state. It includes provisions Target is required to meet, the newspaper said. The agreement is in addition to the $10 million class-action settlement that Target reached in March 2015, although that settlement has yet to be approved by a court because a member of the fund said consumers weren't being compensated appropriately.
Target is said to have taken steps since the data breach to shore up its systems, and it won't have to put additional security measures into place as a result of the settlement, the Star Tribune said. Additionally, the Minneapolis-based retailer’s payout to the states already is reflected in the liability reserves Target previously disclosed.
Caused by a malware incident that gave unauthorized access to payment card data, the 2013 data breach resulted in the names, mailing addresses, phone numbers and email addresses of up to 70 million Target shoppers being stolen. It also led to the appointment of a new CIO, the formation of a digital advisory council, the hiring of Chief Information Security Officer Brad Maiorino, and the ouster of CEO Gregg Steinhafel.
Grocers have been a big target for fraudsters and hackers in recent years: Chicago-based fraud protection firm Rippleshot noted that they make up the No. 1 channel for data breaches in terms of the percentage of compromised accounts, and Bothell, Wash.-based SecurityPro said that roughly two-thirds of retail employees aren't prepared to deal with a cyberattack. Among others dealing with compromised data, Albertsons and Supervalu both reported malware attacks, while Safeway had issues of its own with skimmers.