Maryland gets a piece of Target data breach settlement

Most U.S. states signed off Tuesday on a settlement with Target in connection with a massive data breach, and Maryland is among them.
The big box retailer agreed to pay $18.5 million in connection with the 2013 breach, which affected 41 million customer payment card accounts and exposed the contact info of 60 million customers. The data exposed included names, addresses and credit card info including encrypted debit PINs. It’s the largest settlement of its kind to be reached by multiple states.
In all, 46 states and D.C. will receive payouts. Maryland will get more than $600,000, according to the Daily Record.
“As a result of this settlement agreement, Target will bolster its security to prevent future data breaches,” Maryland Attorney General Brian Frosh said in a statement. “Maryland consumers should remain vigilant in protecting their personal information and take necessary steps if their identities have been stolen.”
The attackers behind the breach exploited multiple security weaknesses to access a customer service database and install malware, according to the settlement. Along with money, Target will have to bring in a third party to assess the company’s info security, and put an executive in charge of implementing a plan to improve. Target is also required to put steps in place from segmenting cardholder data from the rest of the network, to ensure that passwords have two-factor authentication.