Target US pays $25m to states to settle data breach

By

Still yet to finalise settlement for consumers.

Target US has agreed to pay US$18.5 million (A$24.7 million) to settle claims by 47 states and the District of Columbia and resolve a multi-state investigation into the retailer's massive data breach in late 2013.

Target US pays $25m to states to settle data breach

The investigation — led by the attorneys-general of Connecticut and Illinois — found that attackers had accessed Target's gateway server through credentials stolen from a third-party vendor.

In one of the biggest data breaches to hit a US retailer, Target had reported that hackers stole data from up to 40 million credit and debit cards of shoppers who had visited its stores during the 2013 holiday season.

California will receive more than US$1.4 million from the settlement, the largest share of any state, California attorney-general Xavier Becerra said.

The costs associated with the settlement are already reflected in the data breach liability reserves that Target has previously recognised and disclosed, the company said in a statement.

Target also said the total cost of the data breach had been US$202 million.

Target spokeswoman Jenna Reck said the company has so far settled with financial institutions and states but is yet to finalise a consumer settlement.

"There is a class action settlement that is outstanding. We have reached an agreement but it hasn't been legally finalised yet."

As part of the settlement announced today, Target is required to adopt advanced measures to secure customer information such as employing an executive to oversee a comprehensive information security program as well as advise its chief executive and board.

The company is also required to hire a independent, qualified third party to conduct a comprehensive security assessment and encrypt or otherwise protect card information to make it useless if stolen.

The retailer's shares were down 0.6 percent at US$55.13 in afternoon trade.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

ANZ's group executive of technology Gerard Florian to retire

ANZ's group executive of technology Gerard Florian to retire

How NAB unwound Teradata's 'tentacles' to decommission it

How NAB unwound Teradata's 'tentacles' to decommission it

NAB approved to use serverless in data environment

NAB approved to use serverless in data environment

NAB brings Pete Steel into new digital, data and AI exec role

NAB brings Pete Steel into new digital, data and AI exec role

Log In

  |  Forgot your password?