MINNEAPOLIS _ Target Corp. will pay $18.5 million after reaching a settlement with 47 states over its 2013 data breach.
The agreement is the largest multistate data breach settlement to date. It is one of several settlements Target has reached with various parties after cyberthieves infiltrated its systems in November 2013 and gained access to the payment card information of 41 million customers and the personal information of 60 million customers.
Jenna Reck, a Target spokeswoman, noted that the costs related to the settlement are already reflected in the data breach liability reserves that Target previously recognized and disclosed.
"We're pleased to bring this issue to a resolution for everyone involved," she said in a statement.
In its most recent annual report, Target said it has resolved the "most significant claims" related to the breach. The Minneapolis-based retailer said it has incurred $292 million of cumulative breach-related expenses, which were partly offset by insurance recoveries of $90 million for a net of $202 million.
In addition to this agreement, Target reached a $10 million settlement in March 2015 in a class-action consumer lawsuit. But that settlement has not been officially approved and consumers have not yet received a payout from it because objections by a member of the class have held it up. Target has also reached various agreements with financial institutions.
Following the data breach, Target took a number of steps to shore up its systems, including hiring Brad Maiorino from General Motors to be its first chief information security officer. Maiorino left the company earlier this year to take a job at consulting firm Booz Allen Hamilton. Target has since promoted Rich Agostino, who was on Maiorino's team, to the top security post.
