Business & Tech
Mass. Gets Piece Of $18.5 Million Multistate Settlement From Target
The settlement for a data breach is the largest of its kind.
MASSACHUSETTS—In the largest national data breach settlement to date, Target is paying Massachusetts $625,000 to resolve a multistate investigation into the 2013 data breach that compromised nearly one million credit or debit cards of Target customers in Massachusetts, Attorney General Maura Healey announced on Tuesday.
The $18.5 million multistate settlement is the result of an investigation by AG Healey’s Office along with 46 other states and the District of Columbia into the 2013 data breach at Target Corporation during which hackers accessed the retail company’s gateway server through credentials stolen from a third-party vendor.
“Consumers should be able to shop without fear that their credit card information will be stolen,” said AG Healey in a statement. “This settlement makes clear that we expect retailers to take meaningful steps to protect consumers’ credit and debit card information from theft. Massachusetts will continue to take a leading role in protecting the security of our residents’ data.”
Find out what's happening in Westboroughfor free with the latest updates from Patch.
The stolen credentials were used to exploit weaknesses in Target's system, according to investigators. That let the attackers access the customer service database, install malware and then grab data from credit or debit card transactions at Target stores from Nov. 27, 2013, to Dec. 15, 2013.
The stolen data included consumers’ full names, telephone numbers, email addresses, mailing addresses, payment card numbers, expiration dates, security codes, and encrypted debit PINs.
Find out what's happening in Westboroughfor free with the latest updates from Patch.
The breach affected more than 41 million customer payment card accounts and contact information for more than 60 million customers nationwide. In Massachusetts, the breach compromised information from approximately 947,000 customer payment card accounts and other personally-identifying information of about 1.5 million Massachusetts residents, said the press release.
In addition to the payments to the states, Target is required to update multiple systems and undergo a security assessment.
Photo via Shutterstock
Get more local news delivered straight to your inbox. Sign up for free Patch newsletters and alerts.
