Connecticut and 47 other states have reached an $18.5 million settlement with Target Corp. over a data breach the big-box retailer disclosed in late 2013.
Connecticut will receive $1 million from Target, according to Attorney General George Jepsen, who along with his Illinois counterpart led the more than three-year investigation into the breach, which affected 41 million people across the country.
Besides the payments to states, Target has agreed to implement and maintain a “comprehensive information security program” and hire an executive or officer to execute the plan, Jepsen said Tuesday. An independent third-party will also conduct a security assessment.
Jepsen said he and other AGs believe the retailer’s security protocols were inadequate, but neither side is to represent the settlement as a sanction or approval of Target’s business practices.
Jepsen credited Target for cooperating with the investigation and the negotiations that led to the settlement, which was signed by Target last week, according to a copy provided by Jepsen’s office.
Target said Tuesday that it’s “pleased to bring this issue to a resolution for everyone involved.”
“The costs associated with this settlement are already reflected in the data breach liability reserves that Target has previously recognized and disclosed,” the company said in a statement.
DOWNLOAD PDFs
