Security & Fraud

Target Sets New Record: Data Breach Settlement

Target Corp. will pay $18.5 million to settle claims related to the massive data breach that compromised 40 million customers’ credit and debit cards in 2013.

The retailer agreed on Tuesday (May 23) to settle up with the 47 states (plus the District of Columbia) that had filed against it after the breach, which Reuters categorized as “one of the biggest data breaches to hit a U.S. retailer.”

New York Attorney General Eric Schneiderman said the hackers had stolen access to credentials from a third-party vendor and used them to access Target’s gateway server where the credit card information was stored.

The breach affected shoppers who had visited Target’s brick-and-mortar stores (but not online shoppers) during the 2013 holiday season. The attack was carried out over the first three weeks of the holiday shopping period and was discovered just before three of the busiest days of the holiday season, adding insult to injury in a season that had already fallen short of revenue expectations.

Insiders said that the retailer was alerted by credit card processors that its system may have been compromised; it did not discover the attack on its own.

The company has now been ordered to employ an executive to oversee a comprehensive information security program and advise the CEO and board. The Minneapolis-based retailer must also hire a third-party contractor to conduct a security assessment and to encrypt card information so that, even if another breach occurred, the information would be rendered useless.

Financial institutions and states have gotten their slice of the settlement pie, with California receiving the largest share of any state at $1.4 million. Consumers, however, are still waiting on the outcome of an ongoing class action settlement. Target spokeswoman Jenna Reck said an agreement had been reached but not finalized.

The total cost of the data breach to Target has been $202 million, and shares dropped 0.6 percent after the settlement was announced.

——————————

PYMNTS LIVE ROUNDTABLE: TUESDAY, JULY 14, 2020 AT 12:00 PM (ET)

Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

Click to comment

TRENDING RIGHT NOW