Va. attorney general to recoup money for Target data breach investigation

6/2/2017, 7:37 a.m.
Remember when Target reported in November 2013 that hackers had stolen the personal and credit card data for more than ...
Mr. Herring

Remember when Target reported in November 2013 that hackers had stolen the personal and credit card data for more than 60 million customers?

Nearly four years later, the retail giant has agreed to pay $18.5 million to resolve the investigation of 47 state attorneys general into the cyber attack, including Virginia Attorney General Mark R. Herring.

Mr. Herring announced Tuesday that Virginia will receive $352,710 as its share of the settlement, mostly to recoup the cost of the work undertaken by his office.

The incident was one of the largest publicly disclosed hacks of a retail company. While more than 60 million customers were affected, the most serious problems impacted 41 million customers whose personal data from payment card accounts was stolen.

The computer thieves, exploiting weaknesses in Target’s system, were able to gain names, telephone numbers, email and mailing addresses, payment card numbers, codes and expiration dates and encrypted debit card PINs.

“This settlement requires Target to provide security safeguards and create and maintain a comprehensive data security program,” including employing an executive to execute the plan, Mr. Herring said.

Target also must keep customer data separate from the rest of its internal computer network, he said, and have an independent company monitor the company’s security program to ensure that it remains strong enough to prevent further thefts of customer data.

Mr. Herring described the settlement, which essentially memorializes steps the company has long since taken, as a model that other companies should follow.

He also urged consumers to remain vigilant regarding their data, including monitoring credit card and bank statements and credit reports.

“Unfortunately, attacks like the one that occurred at Target are becoming all too frequent, and businesses and consumers alike should do everything they can to safeguard personal and financial information,” he added.

Since that attack, Target has not reported another data breach, and there have been no widespread reports of customers having their identities stolen as a result of the first theft. The company has provided free credit monitoring to customers as part of its effort to restore trust in its ability to hold onto data. — Jeremy M. Lazarus