Target Corp. will pay 47 states and the District of Columbia a total of $18.5 million as part of a settlement over its 2013 data breach. The breach compromised tens of millions of customers’ credit and debit cards, and led to the resignation of longtime CEO Gregg Steinhafel. As part of the settlement, Target will be forced to employ an executive to manage “a comprehensive information security program” and advise the board of directors and CEO, Brian Cornell, according to a statement in the Los Angeles Times. Target must also hire an independent third party to do a comprehensive security assessment, encrypt payment card information, separate cardholder data from the rest of the computer network and institute password rotation policies.
Total Retail’s Take: The government is sending a strong message to retailers, using Target as an example of what could happen if they don’t protect consumer data. Data security, if not evident before, should be a top priority for companies. Target is paying a hefty price for its breach. The retailer has since overhauled its security systems and settled other lawsuits related to the 2013 breach. A $10 million settlement for a class-action lawsuit brought by consumers is still going through the court system, though it received approval from a federal judge in 2015.