FOR IMMEDIATE RELEASE: May 23, 2017
Contact: James Hallinan (505) 660-2216
Española, NM – Attorney General Hector Balderas announced today that New Mexico reached a $205,163.99 settlement with Target. The settlement addresses the company’s 2013 data breach that affected more than 41 million payment card accounts and contact information for over 60 million customers. New Mexico joined 46 other states and the District of Columbia in an investigation that resulted in a total settlement of $18.5 million.
“New Mexicans’ personal and financial information is priceless, and big corporations must safeguard that information to the highest degree if they seek to do business with our citizens,” said Attorney General Balderas. “I am pleased to bring in this $200,000 settlement to our state during a time of great financial strain.”
The states’ investigation revealed that cyber attackers accessed Target’s gateway server through credentials stolen from a third-party vendor. The credentials were then used to exploit weaknesses in Target’s system, which allowed the attackers to access a customer service database and install malware on the system and to capture data. The attackers collected consumers’ full names, telephone numbers, email and mailing addresses, payment card numbers, expiration dates, verification codes, and encrypted debit PINs.
The settlement requires Target to maintain an information security program. Target also must retain an independent third-party to conduct a comprehensive security assessment of the company. Other mandatory provisions of the settlement include:
- maintaining appropriate encryption policies, particularly as they pertain to cardholder and personal information data;
- segmenting its cardholder data environment from the rest of its computer network; and
- undertaking steps to control access to its network, including implementing password rotation policies and two-factor authentication for certain accounts.
# # #