No one ever said that legal settlements were a quick process, but after more than three years, 47 states and the District of Columbia will be compensated for Target’s infamous 2013 data breach.
Target will pay a record $18.5 million in penalties for a data breach that compromised millions of customer credit and debit card accounts. California will get the largest part of that settlement at $1.4 million. Alabama, Wisconsin, and Wyoming did not paticipate in the action and are not included.
“Families should be able to shop without worrying that their financial information is going to get stolen, and Target failed to provide this security," said California Attorney General Xavier Becerra in a statement. "This should send a strong message to other companies: you are responsible for protecting your customers’ personal information. Not just sometimes – always."
Infamous data breach
Consumers may remember back in 2013 when news broke about a data breach that affected holiday shoppers who had made purchases at Target.
At the time, officials said that Target had done several things wrong, including granting access to a third-party vendor who had weak security protocols, not segregating customer data from less sensitive parts of its network, and ignoring multiple warnings from its security software which indicated that hackers had breached its system.
As part of the settlement, Target will be required to adopt advanced security measures to protect customer information in the future and must hire an executive to oversee a “comprehensive information security program.” The company must also encrypt and protect payment card information it receives so that it is not useable if stolen.
Target responded to the announcement by saying it was “pleased to bring this issue to a resolution for everyone involved,” according to a Los Angeles Times report. However, the company still faces a $10 million class action settlement that was approved in 2015.