Sun Sentinel Palm Beach Edition
Target to pay $18.5 million settlement
Target Corp. will pay $18.5 million to 47 states and the District of Columbia as part of a settlement over a 2013 data breach that compromised tens of millions of customers' credit and debit card information.
Alabama, Wisconsin and Wyoming were not part of the settlement announced Tuesday.
As part of the settlement, the Minneapolis-based retailer will also be required to employ an executive to manage a “comprehensive information security program” and advise the company's chief executive and its board of directors, according to a statement from the office of the California attorney general.
Target will need to hire a third party to do a comprehensive security assessment, according to a statement from the New York attorney general's office. Target will also need to add other cybersecurity measures, including encrypting payment card information so the data are useless if stolen and instituting password rotation policies.
Target said it was “pleased to bring this issue to a resolution for everyone involved.” The retailer added that the costs associated with this settlement were “already reflected in the data breach liability reserves that Target has previously recognized and disclosed.”