Target to Pay $18.5 Million in Security Breach Settlement
Retail giant Target will pay $18.5 million to 47 states and the District of Columbia as part of a settlement with state attorneys general over a major security breach that compromised the data of millions of customers. According to a report in The New York Times, the settlement ends a lengthy investigation into how hackers obtained names, credit card numbers and other information about tens of millions of people in 2013.
California will get $1.4 million from the settlement, the largest amount of any state. The dollar amounts were largely determined by the state’s population size. Wyoming, Wisconsin and Alabama were not included in this settlement. The Times reports, based on Target’s most recent annual statement, that the company has spent nearly $202 million on legal fees and other costs since the breach.
The investigation, which was led by attorneys general in Connecticut and Illinois, concluded that attackers has stolen the credentials from a third-party vendor that Target used to access a customer database. The hackers then installed malware that helped capture other consumer data.
What Has Come Out of It
Target has, as part of this settlement, agreed to tighten its digital security including maintaining software and encryption programs to protect consumers’ personal information. After an internal review, Target also acknowledged that it missed signs of the data breach. Hackers went on to target other retailers, including Home Depot, in a series of digital attacks aimed at stealing sensitive customer information from millions of consumers around the country.
Here are a few steps consumers can take if their personal information has been compromised:
- Place a “Fraud Alert” on your credit reports and review them carefully. Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven’t contacted, accounts you didn’t open or unexplained charges on your accounts.
- Close any accounts that have been tampered with. Call the security or fraud departments of each company where an account was opened or changed without your approval. Follow up in writing with copies of supporting documents.
- File a police report and get a copy of the police report for your records. It can help you deal with creditors who need proof of the crime.