Target has agreed to pay out a whopping $18.5 million to U.S customers after a nationwide data breach.
Millions of customers had their personal information compromised back in 2013.
The data breach affected customers’ contact, account, and billing information. It’s believed that a total of 60 million customers were affected.
The 2013 data breach was carried out after hackers got into Target’s servers through a third party vendor. Once in, they managed to locate a customer database and release malicious software to extract information.
While 60 million had their contact information compromised, two thirds of the same customers also had debit and credit information lifted too.
Multiple legal actions
Enforcement agencies in 47 U.S. states and the District of Columbia all brought claims against the discount retailer for the colossal data breach. The multi-million dollar settlement is thought to be the largest multi-state settlement for a data breach to date.
The state of California, which is the U.S state with the largest population, received the largest portion of the settlement. Target agreed to pay $1.4 million to the state where 7,760,000 customers were affected. However, this sum will not be going to the customers themselves, and a separate $10 million lawsuit is being brought in connection to the data breach.
2015 settlement to banks and credit unions
In 2015, Target paid out just shy of $40 million to banks and credit unions who lost money through the data breach. The sum was also to cover the risks the banks may face as a result of the data breach.
The $18.5 million sum is only part of the settlement as Target also agreed to up their security by implementing a “comprehensive information security program”. In countries where there is comprehensive data protection legislation in place – like the U.S. and U.K. – companies and authorities have a legal responsibility to ensure any information they have access to, and keep in storage, is processed and maintained in a safe and secure way. Like sending a parcel to a recipient in another city, you would expect the postal service to keep the parcel safe at all times – not lose it or allow it to be stolen.
Enforcement for changes
An executive has been brought in to ensure Target implements and maintains the security program. As a first step, the major retailer will make sure information in the customer database is at least encrypted. This way, even if hacked, the information should be useless unless the hacker has the exact decryption key. An independent third party will also oversee the security measures to ensure Target are compliant.
Statement from Target
In a statement, Target said:
“We’ve been working closely with State Attorney Generals for several years to address claims related to Target’s 2013 data breach. We’re pleased to bring this issue to a resolution for everyone involved.”
Although a settlement has been reached, the issue has not come to a complete end. Unfortunately, when it comes to data breaches, the extent of leaked information often has no expiry date. Even thirty years down the line, criminals could still hold and spread stolen information. Affected consumers were therefore encouraged to change their passwords and remain vigilant of any suspicious behaviour.