Nevada Attorney General: $18.5 Million Settlement With Target

At the time of the breach, Target operated 19 stores in Nevada.

IN will receive over $600,000 from an $18.5 million settlement with Target Corp. to resolve a multi-state probe into the discounter's pre-Christmas data breach in 2013. On Tuesday, May 23, 2017, Schneiderman announced that 47 states and the District of Columbia have reached an $18.5 million settlement with Target Corp.to resolve the states' probe into the discounter's massive pre-Christmas data breach in 2013.

The states' investigation found that cyber attackers exploited weaknesses in Target's server to gain access to a customer service database.

The investigation - led by the Attorneys General of CT and IL - found that cyber attackers had accessed Target's gateway server through credentials stolen from a third-party vendor, New York Attorney General Eric Schneiderman said in a statement on Tuesday.

Hackers were able to steal credit and debit card information of more than 41 million Target customers and steal contact info of 70 million by installing malware onto the company's point-of-sale systems.

A spokesman for the California Attorney General's office could not immediately confirm how many Target customers in the state were believed to be impacted by the breach.

"Millions of consumers in CT and across the country were impacted by this data breach and by what we believe, through our multistate investigation, were Target's inadequate security protocols", Jepsen said.

Following the breach, Target paid for one year of free credit monitoring for potential victims in NY.

Target also said the total cost of the data breach had been US$202 million.

The terms of the settlement also require Target to implement and maintain a "comprehensive information security program" aimed at securing customer data.

Target in 2015 separately agreed to pay $10 million to settle claims by customers who said they were affected by the data breach, one of the largest to hobble retailers and banks in recent years.

New Jersey, Connecticut and six other states formed the multi-state executive committee, which investigated Target's role in the data breach.

  • Zachary Reyes