Target has to pay $18.5M over that massive data breach

In 2013, hackers got into Target's system and stole info from millions of card users.

Remember Target's big data breach that happened during the 2013 holiday season? Well, the lawsuits over the massive hack – which affected 40 million credit and debit card users – have finally been settled.

According to Fortune, 47 states – including Minnesota – and Washington D.C. were involved in the settlement. And on Tuesday, attorneys general from around the U.S. released statements that a settlement had been reached.

As California Attorney General Xavier Becerra said, Target owes $18.5 million altogether.

"This should send a strong message to other companies: you are responsible for protecting your customers’ personal information," Becerra said. "Not just sometimes – always."

Target has issued a brief statement regarding the settlement.

"We’re pleased to bring this issue to a resolution for everyone involved," Target said, explaining it had been working closely with state attorneys general for the past few years.

States are all receiving different sums of money. California is getting the largest share with $1.4 million. New York is getting more than $635,000. Minnesota Attorney General Lori Swanson has not yet released a statement regarding how the settlement impacts Minnesota.

GoMN has reached out to Swanson's office for comment and will update this story when we hear back.

Preventing hacks

In addition to the payouts, Target also must adopt additional security measures to try to prevent something like this from happening again.

As the New York attorney general explained, the company must get an executive to look over a "a comprehensive information security program." And then hire a third-party company to assess its security.

Target also must implement and maintain encryption policies. That way if credit card information is ever stolen, it's jumbled enough that the hackers won't be able to use it.

The massive breach in 2013 took place between November and December. According to MPR, it involved more than 40 million customer payment cards, and exposed the contact information of at least 60 million shoppers.

An investigation found hackers were able to access Target's server and shopper data via credentials stolen by a third-party vendor.

MPR previously reported that 226,000 customers filed to get money back from Target. Target told Fortune the total cost of the whole data breach had been $202 million.

Next Up