The New York Times reported that “Target will pay $18.5 million to 47 states and the District of Columbia as part of a settlement with state attorneys general over a huge security breach that compromised the data of millions of customers.” The May 23, 2017 report entitled “Target to Pay $18.5 Million to 47 States in Security Breach Settlement” includes that since the 2014 breach “Target has spent $202 million on legal fees and other costs since the breach” and that:
As part of the settlement, Target agreed to tighten its digital security, including maintaining software and encryption programs to safeguard people’s personal information.
The retailer will have to separate its cardholder data from the rest of its computer network and pay for an independent assessment of its security measures, according to Tuesday’s announcement.
On Dec. 19, 2013, during the biggest shopping season of the year, Target confirmed that credit and debit card information about 40 million customers had been stolen.
Several weeks later, the company said that other information for 70 million people, including email and mailing addresses, had also been exposed.
However I’m not sure that the consequences of the 2013 cyber intrusion are completely over for Target. What do you think?
Let’s Talk Compliance | Provider Relief Fund: Reporting Requirements and Compliance Concerns