California Attorney General Xavier Becerra has announced a record $18.5 million multi-state settlement with Target, in response to allegations that more than 40 million customers had their payment card information compromised during the 2013 holiday season after the company failed to provide reasonable data security.
California will be receiving more than $1.4 million from the settlement, the largest share of any state.
Becerra said the settlement reflects the commitment of the California Department of Justice to defending Californians from cybersecurity threats and holding accountable companies that fail to fulfill their responsibility to protect customer information.
“Families should be able to shop without worrying that their financial information is going to get stolen, and Target failed to provide this security,” said Becerra. “This should send a strong message to other companies: you are responsible for protecting your customers’ personal information. Not just sometimes -- always. As our state's chief law enforcer, it's my job to give Californians the confidence to know that I've got their back.”
As part of the settlement, Target is required to adopt advanced measures to secure customers’ information. The settlement requires Target to employ an executive to oversee a comprehensive information security program and advise its CEO and Board, encrypt or otherwise protect payment card information to make it useless if stolen, and adopt other technological measures. In addition, the settlement in part requires Target to integrate business practices recommended in the Attorney General's Data Breach Reports previously published by the California Department of Justice.