Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Target Corp. will pay $18.5 million to settle state enforcement actions over the retailer’s payment card hacking breach that affected as many as 60 million customers during the 2013 winter holiday shopping season, a coalition of 47 state attorneys general announced May 23.
The settlement capped an investigation led by Illinois Attorney General Lisa Madigan (D) and Connecticut Attorney General George Jepsen (D), and is the largest multi-state data breach settlement achieved ever, according to a statement from Madigan’s office.
The settlement means Target’s legal disputes arising from the 2013 hacking breach are nearing an end. The cumulative costs for putting the data security incident behind the Minneapolis-based retail giant are large. But the company maintains a $30.1 billion market capitalization, according to Bloomberg data.
The company previously reached a settlement with Visa Inc. for $67 million, as well as a $39 million settlement with a class of banks and credit unions. A $17 million settlement of a consumer class lawsuit is awaiting finalization. Shareholder derivative actions against the company were dismissed.
The new agreement means all extant legal disputes involving the Target 2013 data breach with the states are settled, Jenna Reck, Target spokeswoman, told Bloomberg BNA May 23. “We’re pleased to bring this issue to a resolution for everyone involved. The costs associated with this settlement are already reflected in the data breach liability reserves that Target has previously recognized and disclosed,” Reck said.
The attorneys general’s investigation determined that the breach of Target’s computer networks was carried out through hacking a third-party vendor, Madigan’s office said. The hack resulted in the breach of a customer service database containing payment card numbers, replete with expiration dates, verification codes and encrypted debit card personal identification numbers, along with the full names of payment card holders.
As part of the settlement, Target agreed to develop, implement, and maintain a comprehensive information security program “reasonably designed to protect the security, integrity, and confidentiality of Personal Information it collects or obtains from Consumers,” the agreement said.
Under the agreement’s terms, Target must develop written, risk-based policies and procedures for auditing vendor compliance with the program. The company must also employ an executive with the appropriate background or experience to implement the required information security plan. That executive will directly advise Target’s chief executive officer and board members on the company’s data security posture, the agreement said.
The company must also hire a third-party assessor to evaluate the information security plan, the agreement said.
California will receive $1.4 million of settlement funds, the largest share of any of the 47 states that are part of the agreement.
To contact the reporter on this story: Stephen Joyce in Chicago at firstname.lastname@example.org
To contact the editor responsible for this story: Donald Aplin at email@example.com
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)