The Target data breach of 2013 also led to the resignation of longtime CEO Gregg Steinhafel and hurt the company’s sales and profits.
If you have ever wondered what the real cost of a data breach is, now you know. Target Corp. will pay $18.5 million to 47 states, including California, and the District of Columbia as part of a settlement over the now infamous Target data breach of 2013. The breach compromised tens of millions of customers’ credit and debit card information.
This is not the first settlement in the case either. In 2015 Target agreed to pay $10 million to settle claims by customers who said they were affected by the data breach.
Additionally, in 2015 Target agreed to pay $39.4 million to resolve claims by banks and credit unions that said they lost money because of the retailer’s late 2013 data breach.
Add up the settlement costs, the impact on sales, profits and reputation, and we start to see the cost of not taking cyber security seriously.
Target data breach 2013 settlement (2017)
California will receive more than $1.4 million from the Target data breach settlement, the largest amount of any state, according to California Atty. Gen. Xavier Becerra. His office said that money would be used toward enforcing consumer protection laws.
“Families should be able to shop without worrying that their financial information is going to get stolen, and Target failed to provide this security,” Becerra said in a statement. “This should send a strong message to other companies: You are responsible for protecting your customers’ personal information.”
It’s the largest multistate accord ever reached over a data breach, according to New York Attorney General Eric Schneiderman. The hack, which occurred during the busy holiday shopping season in late 2013, affected more than 41 million customer payment-card accounts and exposed contact information of more than 60 million customers.
The hackers accessed a customer service database and installed malware on Target’s system that captured consumer data, including names, telephone numbers, email and mailing addresses as well as payment card numbers with their expiration dates and encrypted debit card personal identification numbers.
Cyber Help Wanted!
The agreement requires Target to develop and maintain a comprehensive information-security program and to employ an executive who is responsible for implementing the changes, Schneiderman said. The company must also hire an independent, qualified monitor to conduct a comprehensive security assessment, Jepsen said.
Target is also required to maintain and support software, keep appropriate encryption policies regarding cardholder and personal data, and segment that information from the rest of its computer network, according to the accord.
Target said it’s pleased to bring the issue to a resolution. “The costs associated with this settlement are already reflected in the data breach liability reserves that Target has previously recognized and disclosed,” Jenna Reck, a spokeswoman for Target, said in an emailed statement.