
Texas, 46 States Get $18.5M Settlement From Target Corp. After Massive Data Breach

Amount represents the largest sum related to a data breach achieved in a multi-state class action suit, according to attorney general.

AUSTIN, TX — Along with 46 other states, Texas has secured an $18.5 million settlement with Target Corp. to resolve an investigation into the retailer's 2013 data breach that put at risk the financial data of more than 41 million consumers, the state's attorney general said.

The settlement amount represents the largest sum related to a data breach achieved in a multi-state class action suit, AG Ken Paxton noted on Tuesday. The breach exposed customer payment card accounts and personal contact information of tens of millions of consumers.

The states' investigation found that cyber attackers accessed Target's gateway server through credentials stolen from a third-party vendor in November 2013. The credentials were used to exploit weaknesses in Target's system, which allowed the attackers to access a customer service database, install malware on the system and capture consumers’ personal information and banking information, Paxton said.


“Cyber threats and identity theft are of increasing concern to Texas consumers,” the attorney general said in a prepared statement. “Today’s settlement underscores that in the 21st century, a business that obtains consumers’ personal information must be proactive in maintaining reasonable safeguards to protect that information.”

In addition to the financial terms, Paxton said, the settlement requires Target to develop, implement and maintain a comprehensive information security program and hire an executive officer to oversee the program. The company must also hire an independent, qualified third party to conduct a comprehensive security assessment, Paxton added.


The settlement further requires Target to maintain appropriate encryption policies, particularly for cardholder and personal information data; to segment its cardholder data environment from the rest of its computer network; and to undertake steps to control access to its network, including implementing password rotation policies and two-step authentication for certain accounts.

Texas, along with 46 other states and the District of Columbia, participated in the investigation and settlement.
