Target Reaches Record $18.5 Million Settlement
Target has reached another settlement over its December 2013 data breach. The retailer has agreed to pay a record $18.5 million to end investigations that were being conducted by the attorneys general of 47 states and the District of Columbia.
As a part of the settlement, Target must also prove they are securing customers’ personal information more effectively. After one year, the company will have to have an independent third-party assessor verify that their security program is compliant. In the 2013 breach, the names, addresses, telephone numbers and email addresses of 70 million shoppers were compromised. Hackers were also able to steal the details of 41 million payment cards.
The multi-state investigation, which was led by Illinois Attorney General Lisa Madigan and Connecticut Attorney General George Jepsen, found the hackers were able to access Target’s server by stealing the log-in credentials of a third-party vendor.
Alabama, Wisconsin and Wyoming were the only three states that were not part of the settlement.
Target is nearing the end of litigation with affected consumers as well. A judge has approved a $10 million settlement for a class action that was filed by consumers, but one of the plaintiffs, Leif Olson, is challenging the settlement. Olson’s attorney, Melissa Holyoak, told MPRNews that her client believes this is not a fair deal, as the consumer group will receive $10 million, but attorney and administration costs will be $13 million.
In December 2015, Target reached a $39 million settlement to end a class action lawsuit that had been filed by a number of financial institutions.