LOUISVILLE, Ky. (WDRB) -- Kentucky, Indiana are among states that will get a share of an $18.5 million settlement with Target Corporation.
Settlement resolves the probe into the discounter's massive pre-Christmas data breach in 2013. Target's breach, which occurred between Nov. 27 and Dec. 15 of 2013, affected more than 41 million customer payment card accounts and exposed contact information for more than 60 million customers.
Kentucky Attorney General Andy Beshear says the Commonwealth's general fund will receive $209,000 from the multi-million dollar settlement that includes 47 states and the District of Columbia. The settlement does not affect any private right of action by the 700,000 Kentuckians affected by the breach.
Indiana Attorney General Curtis Hill said says the state will receive more than $623,000 from the settlement to use at its discretion, including depositing the money into its Consumer Protection Division fund.
The investigation by the states uncovered that cyber attackers accessed Target's gateway server through credentials stolen from a third-party vendor. That allowed computer hackers access install malware that gave it access to the company's customer service database. The data compromised included full names, telephone numbers, email addresses and mailing addresses, payment card numbers, expiration dates and CVV1 codes and encrypted debit PINs.
The settlement requires Target to maintain appropriate encryption policies and take other security steps.The company offered free credit reports for potentially affected shoppers.
Copyright 2017 WDRB Media. All Rights Reserved.