May 23, 2017

New York announced that 47 states and the District of Columbia have reached a $18.5 million settlement with the Target Corporation to resolve the states’ investigation into the retail company’s 2013 data breach, which affected more than 41 million customer payment card accounts and exposed contact information for more than 60 million customers. The agreement represents the largest multistate data breach settlement achieved to date and will bring $635,224.33 to New York State. The states’ investigation found that in November of 2013, cyber attackers accessed Target’s gateway server through credentials stolen from a third-party vendor. The credentials were then used to exploit weaknesses in Target’s system, which allowed the attackers to access a customer service database and to install malware on the system that was used to capture consumer data, including full names, telephone numbers, email and mailing addresses, payment card numbers, expiration dates, CVV1 codes, and encrypted debit PINs. NY, TX, CA

Tagged in: Cybersecurity and Data Breaches,