Target's 2013 data breach is among the most memorable for both businesses and the general public. While a large amount of media attention is a significant factor in the enduring memory held by many of this event, the sheer scale of the breach and the costs involved are perhaps the most important. The incident involved about 100 million customers in all, although roughly 60 percent only had contact information compromised, USA Today noted. That meant negative word of mouth as well as press coverage were both common.
The attack was perpetrated by hackers entering sensitive areas of Target's data storage systems through a vulnerable third-party vendor access point. From there both contact and payment information were taken and used by the cybercriminals before Target and affected consumers realized what had happened.
The latest payout for Target
USA Today said a multistate agreement involving 47 states as well as Washington, D.C., requires the big-box retailer to pay out approximately $18.5 million. The states involved in the action will receive the money directly for a number of uses related to consumer protection and advocacy as well as to pay for the various costs and fees associated with the lawsuit that led to the agreement.
Bloomberg said the agreement was the largest such cooperative effort involving a data breach, based on a statement from New York Attorney General Eric Schneiderman. The effort was led by George Jepsen, Attorney General for Connecticut, and Lisa Madigan, the Illinois Attorney General.
"Millions of consumers in Connecticut and across the country were impacted by this data breach and by what we believe, through our multistate investigation, were Target's inadequate security protocols," Jepsen said to Bloomberg. "Through this settlement, we are assuring that Target improves its data protections."
The $18.5 million is the most recent financial penalty facing Target, which has paid out other claims and sponsored services for affected customers in the past. A $10 million settlement for a class-action lawsuit was reached in 2015, with the retailer offering as much as $10,000 for each affected customer that could clearly document financial issues caused by the breach. Target also paid for free credit monitoring in the wake of the event.
Beyond a financial settlement, the agreement also requires the business to take a number of actions, from developing and maintaining a strong information security effort to improving network access and payment information security.
What it means for your business
While the Target incident is an extreme example of the problems caused by a lack of secure credit card payment software, the possibility exists for any business to suffer a similar attack and face financial and reputational damage afterward. To learn more about effective and safe payment card processors, talk to Cloud 9 today!