CHARLESTON, WV (NEWS RELEASE) — West Virginia Attorney General Patrick Morrisey announced an $18.5 million settlement between national retailer Target, 47 states and the District of Columbia to resolve allegations stemming from a massive data breach in 2013.
West Virginia will receive $200,044 from the record-breaking agreement, which instantly ranks as the nation’s largest multistate data breach settlement to date.
“Our office works to protect and defend consumers,” Attorney General Morrisey said. “This settlement is a victory for West Virginia consumers. It represents the diligent work of our office in holding corporations accountable for customers’ privacy.”
The Nov. 12, 2013, data breach affected more than 41 million customer payment card accounts and contact information for more than 60 million customers.
The states allege cyber attackers used stolen credentials to access Target’s server, which allowed the attackers to exploit weaknesses in the company’s system. The thieves installed malware and captured sensitive consumer data, including full names, telephone numbers, email and mailing addresses, payment card numbers, expiration dates, CVV1 codes and encrypted personal identification numbers.
The settlement additionally requires Target to develop, implement and maintain a comprehensive information security program. It mandates the hiring of an executive to implement the plan and an independent, qualified third-party to conduct a comprehensive security assessment.
The settlement further requires Target to maintain appropriate encryption of consumer data, segment its cardholder data environment from the rest of its network and undertake steps to control access to that network, including use of password rotation policies and two-factor authentication for certain accounts.
West Virginia participated in the Connecticut- and Illinois-led settlement with Alaska, Arizona, Arkansas, California, Colorado, Delaware, Florida, Georgia, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington and the District of Columbia.