AUSTIN, Texas (KWTX) A group that includes Texas, 46 other states and the District of Columbia announced Tuesday they’ve reached an $18.5 million settlement with the Target Corporation over the company’s data breach in 2013, which affected the payment card accounts of more than 41 million customers and contact information for more than 60 million.
The multi-state investigation revealed that cyber thieves accessed Target’s gateway server using credentials stolen from a third-party vendor in November 2013.
The thieves were able to access a customer service database, install malware, and capture the personal and banking information of the chain’s customers, the investigation showed.
“Today’s settlement underscores that in the 21st century, a business that obtains consumers’ personal information must be proactive in maintaining reasonable safeguards to protect that information,” Texas Attorney General Ken Paxton said Tuesday.
The settlement also requires the company to develop and implement a comprehensive information security program, hire an executive to oversee it, and to hire a third-party to conduct a comprehensive security assessment, the Texas Attorney General’s Office said in a press release Tuesday.