AUSTIN (CBSDFW.COM) – The Texas Attorney General announced Tuesday an $18.5 million settlement with the Target Corporation to resolve a multistate investigation into the retail company’s 2013 data breach.READ MORE: NASCAR To Require Masks In Enclosed Areas Going Forward
The breach affected more than 41 million customer payment card accounts, along with contact information for more than 60 million customers, according to a news release from Attorney General Ken Paxton’s office on Tuesday.
To date the settlement amount is the largest related to a data breach achieved by a multistate group, according to the Texas Attorney General’s Office.
The states’ investigation found that cyber attackers accessed Target’s gateway server through credentials stolen from a third-party vendor around November 12, 2013.READ MORE: Centers For Disease Control Issues New Eviction Moratorium
The credentials were used to exploit weaknesses in Target’s system, which allowed the attackers to access a customer service database, install malware on the system and capture consumer’s personal information and banking information.
“Cyber threats and identity theft are of increasing concern to Texas consumers,” Attorney General Paxton said. “Today’s settlement underscores that in the 21st century, a business that obtains consumers’ personal information must be proactive in maintaining reasonable safeguards to protect that information.”
In addition to the financial terms, the settlement requires Target to develop, implement and maintain a comprehensive information security program and hire an executive officer to oversee the program. The company must also hire an independent, qualified third-party to conduct a comprehensive security assessment.
The settlement further requires Target to maintain appropriate encryption policies, particularly as pertains to cardholder and personal information data; to segment its cardholder data environment from the rest of its computer network; and to undertake steps to control access to its network, including implementing password rotation policies and two-step authentication for certain accounts.MORE NEWS: High Transmission Risk Leads Dallas County To Raise COVID Threat Level To Red
Texas along with 46 other states and the District of Columbia participated in the investigation and settlement.