Target Corp. will pay $18.5 million to 47 states and the District of Columbia as part of a settlement over a 2013 data breach.
The settlement, announced Tuesday and reached with 48 state attorneys general, also requires Target to maintain and verify a higher level of data security in connection with its collection, maintenance and safeguarding of personal information. Alabama, Wisconsin and Wyoming were not part of the settlement.
The November 2013 cyber-intrusion was carried out by attackers using credentials stolen from a third-party vendor for Target. The hackers tapped into a data base that held contact information for more than 60 million Target customers nationwide — including full names, telephone numbers, e-mail addresses, mailing addresses, payment card numbers, expiration dates, CVV1 codes and encrypted debit PINS.
The payout represented the highest valuation of a multi-state data breach investigation to date. The previous high amount was $9.75 million resulting from a 2009 settlement with TJX Companies, Inc.
Photo courtesy Target