MINNEAPOLIS _ Target Corp. will pay $18.5 million after reaching a settlement with 47 states over its 2013 data breach.
The agreement is the largest multistate data breach settlement to date. It requires Target to develop, implement and maintain a comprehensive information security program.
The Minneapolis-based retailer has already put in place a number of security protocols since cyberthieves infiltrated its systems in November 2013 and gained access to the payment card information of 41 million customers and the personal information of 60 million customers.
Jenna Reck, a Target spokeswoman, noted that the costs related to the settlement are already reflected in the data breach liability reserves that Target previously recognized and disclosed.
"We're pleased to bring this issue to a resolution for everyone involved," she said in a statement.