Target makes history with data breach settlement

Target Corp. has resolved its 2013 data breach with a deal that represents the largest multi-state data breach settlement in history.



The retailer agreed to pay a total of $18.5 million to settle the case. The money will go to 47 states and the District of Columbia, with California receiving the largest share of the settlement, more than $1.4 million.



The agreement also requires Target to develop, implement and maintain a comprehensive information security program aimed at encrypting and securing customer data. The retailer has already implemented these measures.



The massive breach occurred in late 2013, between November 27 and December 15. It affected more than 41 million customer payment card accounts and exposed contact information for more than 60 million customers.



In addition to causing Target to overhaul its security measures, the breach is largely seen as one of the elements that led to the exit of Gregg Steinhafel, Target's then-CEO and chairman, who resigned in May 2014.



“We’re pleased to bring this issue to a resolution for everyone involved,” stated Target spokeswoman Jenna Reck. "The costs associated with this settlement are already reflected in the data breach liability reserves that Target has previously recognized and disclosed.”