Target to pay state over its data breach
Target Corp. will pay Texas $1.1 million as part of an $18.5 million deal to settle claims after a 2013 multistate data breach.
Hackers used a thirdparty vendor to break into the retailer’s payment network during that year’s Christmas shopping season. More than 41 million customer accounts, including banking and personal information, were compromised. About 5 million accounts in Texas were affected.
The incident damaged the chain’s reputation, dampened sales and spurred the resignation of Target Chairman and CEO Gregg Steinhafel.
The settlement is said to be the largest multistate agreement ever over a data breach.
The thieves used malware to steal names, emails and other personal information, as well as credit and debit card numbers. The money will be distributed to 47 states; Alabama, Wisconsin and Wyoming were not part of the settlement.
A statement from Target said it has worked for several years with attorneys general to address the claims related to the data breach.
Minnesota-based Target also agreed to launch a comprehensive information security program and to hire an executive to oversee it. Target also will maintain encryption policies to safeguard personal financial data and control access to its network through passwords and other methods, according to Texas Attorney General Ken Paxton.
In a separate agreement in 2015, Target agreed to pay $10 million to settle claims by customers affected by the breach.