HARTFORD, Conn. (WTNH) — An investigation led by the states of Connecticut and Illinois, that included 46 other states and DC, into the 2013 data breach at Target, has led to an $18.5 million settlement.
Connecticut Attorney General George Jepsen announced the settlement Tuesday, which he says is the largest multi-state data breach settlement to date.
The breach in November 2013 affected more than 41 million customer payment card accounts and contact information for more than 60 million customers.
The investigation determined that cyber-attackers accessed Target’s gateway server through credentials stolen from a third party vendor. Those credentials were then used to exploit weaknesses in Target’s system which allowed the attackers to access a customer service database and install malware.
It gave attackers access to customer names, phone numbers, addresses and e-mail addresses, payment card numbers, expiration dates, CVV1 codes and encrypted debit pins.
The settlement gives Connecticut $1,012,936 which will be placed in the state’s general fund.