Target Settles Credit Card Data Breach Case for $18.5 Million

MaskedManLaptop

Written By ESR News Blog Editor Thomas Ahearn

California Attorney General Xavier Becerra has announced a record $18.5 million multi-state settlement with Target, Inc. in response to allegations that more than 40 million customers had their payment card information compromised from a data breach during the 2013 holiday season after the retailer failed to provide reasonable data security, according to a press release on the Attorney General’s website.

California will receive more than $1.4 million – the largest share of any state – from the data breach settlement, which also requires Target to adopt advanced measures to secure customer information, employ an executive to oversee a comprehensive information security program, and encrypt or otherwise protect payment card information to make it useless if stolen.

“Families should be able to shop without worrying that their financial information is going to get stolen, and Target failed to provide this security,” Attorney General Becerra stated in the press release about the data breach settlement. “This should send a strong message to other companies: you are responsible for protecting your customers’ personal information. Not just sometimes – always.”

In addition, the settlement requires Target to integrate business practices recommended in the Attorney General’s Data Breach Reports previously published by the California Department of Justice.  The Final Judgment and Permanent Injunction is available here. The Complaint for Injunctive and Other Relief is available here. The Attorney General’s press release for the data breach settlement is available here.

Other companies have suffered a data breach. In September 2016, ESR News reported that technology company Yahoo! Inc. confirmed that user account information that may have included names, email addresses, phone numbers, dates of birth, passwords, and security questions was stolen from 500 million Yahoo user accounts by “a state-sponsored actor” in a massive data breach in late 2014.

A data breach can cost a company millions. In April 2016, ESR News reported that Sony Pictures agreed to pay an estimated $15 million to settle a class action lawsuit stemming from a data breach suffered by the studio in November 2014. According to the complaint, Sony Pictures “failed to secure its computer systems, servers, and databases despite weaknesses it has known about for years.”

In March 2016, ESR News reported that Home Depot Inc. agreed to pay $19.5 million to compensate approximately 40 to 50 million consumers affected by a massive data breach in 2014. Home Depot will set up a $13 million settlement fund to reimburse consumers affected by the data breach for out-of-pocket losses and spend $6.5 million for free identity protection services for data breach victims.

In September 2016, the Federal Trade Commission (FTC) issued a Data Breach Response: A Guide for Business that outlines steps that businesses should take when experiencing a data breach. A blog on the FTC website about the guide describes how businesses can quickly secure their systems if employees lose laptops, hackers get into customer databases, or information is inadvertently posted on websites.

With the data breach problem front page news, industries dealing with sensitive and confidential information know ensuring data security. The fact that businesses will seek stronger security measures to protect against the data breach problem – including from background screening providers – is one of the Employment Screening Resources® (ESR) Top Ten Background Check Trends for 2017.

One data breach protection measure is a Service Organization Control (SOC) Report®, a comprehensive independent examination performed annually to ensure that an screening provider meets the current high standards set by the American Institute of Certified Public Accountants (AICPA) to protect privacy, security, and confidentiality of consumer information using stringent criteria established by the AICPA.

Another data breach protection measure is accreditation from the National Association of Professional Background Screeners (NAPBS®), which represents over 750 member background screening companies. To become accredited, screening firms must complete the Background Screening Agency Accreditation Program (BSAAP), a rigorous audit of policies and procedures conducted by an independent auditor.

 “It has clearly become a best practice for business with sensitive data such to utilize a SOC 2® report when considering a background screening provider and to also make sure that the screening firm has achieved NAPBS Accreditation,” says ESR founder and CEO Attorney Lester Rosen, who chose the list of top background check trends available at www.esrcheck.com/ESR-Top-Ten-Background-Check-Trends.

ESR Helps Protect Against Data Breach Problems

Employment Screening Resources® (ESR) is a global background check firm and a strategic choice for businesses needing accuracy and compliance in their screening programs. ESR is accredited by the NAPBS® and undergoes annual SOC 2® audits to ensure that ESR protects the privacy, security, and confidentiality of consumer background check information. To learn more, visit www.esrcheck.com.

Visit ESR on social media: Like ESR on FacebookFollow ESR on Twitter & Join ESR on LinkedIn.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2017 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.