“This data breach jeopardized the financial information of millions of Target customers in Florida and across the nation,” said Florida Attorney General Pam Bondi. “Under our multistate settlement announced today, Target consumers are now better protected from cyberattacks.”
Other lawsuits with private attorneys representing consumers have produced higher amounts, such as $19.5 million announced last year to settle a 2014 Home Depot data breach.
Target’s 2013 data breach affected more than 41 million customer payment card accounts and exposed contact information for more than 60 million customers. A company statement said Target was “pleased to bring this issue to a resolution for everyone involved.”
The Target settlement agreement requires the retailer to maintain a comprehensive information security program and to employ an officer responsible for executing it, plus hire an independent, qualified third-party to conduct a security assessment.
In addition, it requires Target to maintain appropriate encryption policies and wall off its cardholder data from the rest of its computer network, state officials said. Earlier Target agreed to provide free credit monitoring to potential victims.