Target to Pay $18.5 Million in Data Breach Settlement

Target has agreed to pay $18.5 million to settle claims made by 47 states and the District of Columbia to resolve a multi-state investigation into the retailer’s massive data breach in late 2013, CNBC reports. The investigation, which was led by the Attorneys General of Illinois and Connecticut, discovered that the cyber attackers had accessed Target’s gateway server through credentials that were stolen from a third-party vendor. This was arguably one of the biggest data breaches to hit a U.S. retailer.

Target had reported that hackers pilfered data from up to 40 million credit and debit cards of shoppers who visited its store during the 2013 holiday shopping season. California will get more than $1.4 million from this settlement, the largest slice of the pie. The costs associated with the settlement are already reflected in the data breach liability reserves that Target has previously recognized and disclosed, the company announced in a statement. Target has also put the total cost of the data breach at $202 million. The retailer has settled with the states and financial institutions, but has yet to finalize a settlement on a pending consumer class action lawsuit.

Settlement Details

As part of this settlement with the states, Target is required to adopt advanced measures to secure consumer information. This includes employing an executive whose job is to primarily oversee a comprehensive security program and advise its CEO and the board. Under this agreement, Target is also required to hire an independent, third party to conduct a comprehensive security assessment and encrypt or otherwise protect card information to make it useless if stolen.

The Reality of Data Breaches

Data breaches are more common than they’ve ever been. This is obviously because almost all of our personal information is stored digitally. The number of U.S. data breaches tracked in 2016 hit an all-time record high of 1,093, according to a report recently released by the Identity Theft Resource Center and Cyberscout. This represents a substantial hike of 40 percent of the near record high of 780 reported in 2015.

Since 2005, the ITRC has been identifying data breaches in five industry sectors. In 2016, the business sector again topped the list in the number of data breach incidents, with 494 reported, representing 45.2 percent of the overall number of breaches. This was followed by the healthcare/medical industry (377 incidents), representing 34.5 percent of the overall total. The education sector (98) followed at 9 percent, the government/military (72) at 6.6 percent and the banking/credit /financial sector (52) at 4.8 percent.

How Can You Protect Yourself?

There is no question that millions of consumers in the United States have already had their personal information compromised in these data breaches. That includes the loss or theft of such sensitive data as credit card and debit card numbers (and their expiration dates), Social Security numbers and health records. You may feel helpless in the aftermath of a massive data breach such as the one that affected Target. However, there are many steps you can take to protect yourself and prepare for the worst. A groundbreaking California state law was the first to require companies to notify consumers about security data breaches. Consumers are better off for it because they now know what types of steps they need to take if their critical data has been stolen. Here are a few tips to avoid falling victim to a data breach or to defend your already compromised information.

  • Be sure to do your homework. Before doing business with a financial institution, go online for information about past data breaches. Look at a company’s website, their press releases. See if they’ve had prior data breaches and what they’ve done to secure consumer data.
  • Prioritize which of your information needs protection. Some information is more important than others. According to experts, your Social Security number is at the highest risk of being stolen, even more than credit card numbers. Other information such as health records, date of birth represents a lower risk, but should still be protected. It’s a fairly common practice now to list your date of birth on Facebook, but experts warn against this practice.
  • Stick with credit because lost credit card information represents a lower risk than the loss of debit card information. Many credit card issuers have zero-liability policies to protect consumers from unauthorized charges on credit or debit cards. It can take more time to recover debit card funds since they are directly taken from your account.
  • Monitor all your accounts. For example, if your bank notifies you that one credit card was compromised, be vigilant about scanning your entire credit report for any strange or unauthorized activity.
  • Continue to monitor your accounts for an extended period of time following the actual breach. Data can remain unused for a long time. So, keep monitoring your accounts.
  • Make use of the free credit monitoring service that may be offered to you after a data breach. This is a good way of spotting any follow up fraud activity. A credit freeze can prevent fraudsters from opening any new accounts in your name. Make use of free credit reports that are available annually from each of the three major credit bureaus – Equifax, TransUnion and Experian.
  • Be prepared for phone calls from debt collectors seeking money for accounts that were fraudulently opened in your name. Learn the identity of the debt collector and the lender.

Be vigilant, but there is no cause for panic. Most instances of data breach don’t actually result in identity theft. As long as you are paying attention to charges on your bank and credit card accounts, there is no liability or real harm. So, as long as you are paying attention, there is no reason to despair, even if you have been the victim of a massive data breach.

If you have suffered losses as the result of a data breach, you may be able to join a class action lawsuit seeking compensation and to hold the at-fault corporations accountable. If you are the victim of a data breach and/or identity fraud, contact an experienced California consumer law firm that can help protect your rights and hold the at-fault parties liable.