Target Reaches Breach Settlement: $18.5 Million Fine, Security Controls

  /     /     /  
Publicated : 22/11/2024   Category : security


Target Reaches Breach Settlement: $18.5 Million Fine, Security Controls


Target to cough up $18.5 million to 47 states in a settlement following its 2013 security breach, which exposed data of millions of customers.



Target will pay a total of $18.5 million to 47 states and the District of Columbia as part of an agreement with the state attorneys general, the New York Times 
reports
.
The settlement for the 2013 security breach that compromised the data of millions of Target customers also mandates that Target implement specific security controls and a governance framework around cybersecurity, and follow certain audit and reporting guidelines.
The $18.5M payout is only a fraction of the Target breachs total cost. Target has shelled out $202 million on legal fees and other costs since the attack, the company reported in its annual
statement
. However, the fine is significant for a number of reasons.
It signals the fact that the AGs will continue to use financial penalties to hold companies accountable for data breaches involving both personally identifiable information and other financial information, says Viewpost CSO Christopher Pierson, noting that $18.5M is the largest fine to date for State AGs.
Pierson acknowledges many of the security controls mandated in the settlement reportedly were already n place at Target, but says this signifies a positive direction toward a more robust program wrapped around controls from a risk and operations perspective.
He calls this settlement a shot across the bow for all companies to take security and privacy seriously, and try to mitigate the number and scope of data breaches. While it does not require the CISO report to the board and CEO, it does require reporting throughout the year.
Given the size, scope, and impact of this particular breach, it appears like an opportunity was missed to have cybersecurity be a direct reporting line to the CEO in a way that supports the cyber risks faced by major businesses today, Pierson says.
Target confirmed its systems were breached in late December 2013. Attackers stole 40 million credit card numbers, as well as their cardholders names, expiration dates, and CVV codes. Any customer who used a credit or debit card between Nov. 27 and Dec. 15 was at risk.
This settlement marks the end of an investigation into how the hackers broke in. It was determined that attackers took credentials from a third-party vendor, and used them to breach a customer database and install malware that could be used to pilfer more customer data.
Given the attackers point of entry, Pierson says this breach calls for the resurgence of holistic security programs that combine information assurance, vendor assurance, and procurement/contracting to ensure companies are monitoring their data and who has access to it.
Related Content
Data Breach, Vulnerability Data on Track to Set New Records in 2017
Credential-Stuffing Threat Intensifies Amid Password Reuse
9 Ways Organizations Sabotage Their Own Security: Lessons from the Verizon DBIR

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Target Reaches Breach Settlement: $18.5 Million Fine, Security Controls