Two years after a data breach impacted about 40 million of its customers during the 2013 Christmas shopping season, Target Corp. reached an $18.5 million settlement with 47 states and the District of Columbia.
The deal — the largest multistate data breach settlement ever reached, according to a statement by several states’ attorneys general today — will resolve the states’ investigation into the breach.
“Families should be able to shop without worrying that their financial information is going to get stolen, and Target failed to provide this security,” said California state Attorney General Xavier Becerra, whose state will be receiving more than $1.4 million from the settlement, the largest share of any state.
He added, “This should send a strong message to other companies: You are responsible for protecting your customers’ personal information. Not just sometimes — always.”
Among the terms of the settlement, Target is required to formulate a “comprehensive information security program” and employ an executive or officer responsible for implementing and maintaining the program — actions that the retailer has already taken.
In addition to negatively affecting Target’s sales and profits, the 2013 data breach also led to the resignation of the company’s president, chairman and CEO Gregg Steinhafel.