NH joins states in Target $18.5 million settlement resolving company breach
New Hampshire has joined with 46 other states and the District of Columbia in an $18.5 million settlement with the Target Corporation to resolve the states' investigation into the retail company's 2013 data breach.
Attorney General Gordon J. MacDonald announced the news Tuesday as well that the settlement represents the largest multi-state data breach settlement achieved to date.
The investigation founded around November 12, 2013 cyber attackers accessed Target's gateway server through credentials stolen from a third party vendor. The credentials were used to exploit weaknesses in Target's system allowing attackers to access a customer service database to install malware on the system and to capture data including full names, phone numbers, email addresses, mailing address, credit card numbers, expiration dates, CVV1 codes and encrypted debit PINS.
The breach affected more than 41 million customer payment card accounts and the contact information for more than 60 million customers.
The settlement agreement requires Target to not only provide monetary payment to the states, but must develop and implement an information security program and employ an executive who is responsible for executing the plan. Target is required to hire an independent, qualified third party to conduct a comprehensive security assessment.
New Hampshire will receive $186,721.17 from the settlement.