News Feature | June 2, 2017

Target Agrees To Pay $18.5 Million To Settle 2013 Data Breach Claims

Christine Kern

By Christine Kern, contributing writer

Target Check-Out Glitch

Long reach of data breaches extends far beyond the actual compromise of data.

Target has announced that it is ready to pay out a bulk settlement of $18.5 million for distribution among 47 state governments and Washington, D.C., according to Reuters, as it attempts to resolve all claims related to the 2013 holiday shopping season data breach. The incident left approximately 40 million cardholders vulnerable in the wake of the breach that occurred between November 27 and December 15, 2013, as Innovative Retail Technologies reported.

The breach – one of the first major retail attacks – demonstrated to the industry that no one was immune to cybercriminals and emphasized the need for heightened cybersecurity initiatives. The cost of such attacks is far greater than just the actual loss of data, however; as a recent KPMG study demonstrated, 19 percent of consumers stated that they would stop shopping at a retailer that had fallen victim to hackers, even when the company took appropriate remediation measures, according to Innovative Retail Technologies. The impact on reputation and customer loyalty is deep and can be long lasting. The study also found an alarming disconnect between consumers and retail execs when it comes to weighing the real costs of such breaches.

Target is still paying the price for its 2013 breach. Under the terms of this bulk settlement, California will receive the largest share of any state – more than $1.4 million. The multi-state investigation was led by the Attorneys General from Connecticut and Illinois.

In addition, Target has reached a settlement agreement for the last remaining consumer class action lawsuit, according to a company spokeswoman, but that the agreement is still pending final court approval on the proposed settlement. The case was being held up by a single Texan holdout who argued that the payout was not large enough for the affected consumers, according to The Minneapolis/St. Paul Business Journal.

To date, Target has spent more than $150 million dollars to rectify the impact of its data breach. Aside from the costs required to pay out the settlement, Target is also required to adopt advanced security measures to protect customer information, including hiring an executive to oversee a comprehensive security program.  The company must also hire an independent third party to conduct a comprehensive security assessment and to implement encryption of card information to prevent the use of stolen data.