|
Idaho joins in settlement in Target breach |
|
May 23, 2017 |
Idaho Attorney General Lawrence Wasden
announced today that Idaho has joined 46 states
and the District of Columbia in reaching an
$18.5 million settlement with the Target
Corporation. The settlement addresses the
company’s 2013 data breach that affected more
than 41 million payment card accounts and
contact information for over 60 million
customers.
In Idaho, the breach affected approximately
140,000 payment card accounts and contact
information for approximately 280,000 customers.
The states’ investigation revealed that cyber
attackers accessed Target’s gateway server
through credentials stolen from a third-party
vendor. The credentials were then used to
exploit weaknesses in Target’s system, which
allowed the attackers to access a customer
service database and install malware on the
system and to capture data.
The attackers collected consumers’ full names,
telephone numbers, email and mailing addresses,
payment card numbers, expiration dates,
verification codes, and encrypted debit PINs.
The settlement requires Target to maintain an
information security program. Target also must
retain an independent third-party to conduct a
comprehensive security assessment of the
company.
Other mandatory provisions of the settlement
include maintaining appropriate encryption
policies, particularly as they pertain to
cardholder and personal information data,
segmenting its cardholder data environment from
the rest of its computer network; and
undertaking steps to control access to its
network, including implementing password
rotation policies and two-factor authentication
for certain accounts.
Idaho will receive $192,956 from the settlement
funds to cover its fees and investigative
expenses. |
|
Questions or comments about this
article?
Click here to e-mail! |
|
|
|
|
