Target pays out $18.5M to victims of infamous 2013 data breach

New York Attorney General Eric Schneiderman announced the deal, which involved 47 states and is described as the largest multi-state breach agreement in U.S. history.
(Mike Mozart/Flickr)

Target Corp. reached an $18.5 million settlement Tuesday concerning an infamous 2013 data breach that affected upwards of 100 million customers, New York Attorney General Eric Schneiderman announced Tuesday.

The deal involved 47 states and is described as the largest multi-state breach agreement in U.S. history. The settlement requires that Target maintain cybersecurity safeguards that were installed after the breach was first disclosed and implement appropriate encryption policies where possible.

Over the last several years, Target executives have worked with state authorities to address hundreds of claims related to the 2013 Christmas data breach — which caused the franchise’s then CEO Gregg Steinhafel to resign. A statement by a company spokesperson provided to the Associated Press reads: “we’re pleased to bring this issue to a resolution for everyone involved.”


The attack was blamed on Russian cybercriminals by more than one private sector cybersecurity firm; the U.S. government did not provide attribution in this case. Hackers compromised credit card numbers and other personal information for up to 110 million Target customers by specifically targeting payment systems used in Target storefronts across the country.

Investigators reviewing the Target breach case found in 2014 that the hackers originally gained access to Targets’ network by stealing login credentials from a third-party vendor.

“Consumers should also remain vigilant regarding their data, including monitoring credit card and bank statements and credit reports,” Virginia attorney general Mark Herring said in a statement.

Individual settlement payments are being organized on a per-state basis. For example, Virginia is set to receive $352,710.80 as part of the agreement, which will be delivered to victims of the breach.

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

Latest Podcasts