{"id":2898,"date":"2017-06-15T11:40:37","date_gmt":"2017-06-15T15:40:37","guid":{"rendered":"https:\/\/www.lindabury.com\/firm\/?p=2898"},"modified":"2017-06-15T11:40:37","modified_gmt":"2017-06-15T15:40:37","slug":"lessons-learned-targets-data-breach-settlement","status":"publish","type":"post","link":"https:\/\/www.lindabury.com\/firm\/insights\/lessons-learned-targets-data-breach-settlement.html","title":{"rendered":"Lessons Learned from Target\u2019s Data Breach Settlement"},"content":{"rendered":"

By now, most people are familiar with the 2013 data breach reported by Target. Described as one of the largest data breaches in U.S. history, Target acknowledged that hackers gained access to credit card and debit card data from up to 40 million of its customers. In the time since the breach, much attention has been given to its aftermath and what impact it would have on the future of cybersecurity<\/a>. That future appears to have arrived, at least in part, with the announcement of a record-setting settlement between Target and forty-seven states, as well as the District of Columbia.<\/p>\n

Under the settlement agreement, Target will pay $18.5 million to the participating states, which is in addition to $10 million that Target has already paid to consumers in a settlement of a private class action lawsuit and $39 million Target paid to several banks that serviced MasterCards used by Target\u2019s customers. Yet, the settlement is noteworthy for several reasons beyond the staggering financial component, and the implications that are left behind offer some useful guidance for companies hoping to avoid suffering a similar fate to Target\u2019s.<\/p>\n

First, anyone looking for direction on how to structure their own company\u2019s internal cybersecurity protocols<\/a> and defenses in a way that would ostensibly comply with the standards acceptable to their respective state\u2019s Attorney General can now look to the settlement agreement as a model (except if you live in Alabama, which did not participate in the settlement as it lacks a state data breach notification law, or Wisconsin or Wyoming, which chose to not participate in the settlement). While the settlement is not binding on anyone but Target, it represents a joint effort by nearly every state’s Attorneys General to insure future cyber-breaches of the same magnitude as Target\u2019s do not occur. This means that it is likely a strong indicator of what state enforcement agencies are going to look for in future investigations when determining if a company had proper cybersecurity<\/a> safeguards in place. For instance, the agreement mandates that Target implement corrective measures such as maintaining appropriate encryption policies, implement password rotation policies and two factor authentication and even segmenting cardholder data from the rest of Target\u2019s computer network. Incorporating such protections into your company\u2019s cybersecurity and data privacy protocols<\/a> is a sound practice and now appears to be one that carries at least some unofficial governmental approval.<\/p>\n

Continue Reading \u203a<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"

By now, most people are familiar with the 2013 data breach reported by Target. Described as one of the largest data breaches in U.S. history, Target acknowledged that hackers gained access to credit card and debit card data from up to 40 million of its customers. In the time since the breach, much attention has […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[307,88,65],"tags":[],"coauthors":[178],"class_list":["post-2898","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-data-privacy-insights","category-levine","category-insights"],"acf":[],"yoast_head":"\nLessons Learned from Target\u2019s Data Breach Settlement — June 15, 2017 — Lindabury, McCormick, Estabrook & Cooper, P.C. Firm News & Events<\/title>\n<meta name=\"description\" content=\"By now, most people are familiar with the 2013 data breach reported by Target. Described as one of the largest data breaches in U.S. history, Target\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.lindabury.com\/firm\/insights\/lessons-learned-targets-data-breach-settlement.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Lessons Learned from Target\u2019s Data Breach Settlement — June 15, 2017 — Lindabury, McCormick, Estabrook & Cooper, P.C. Firm News & Events\" \/>\n<meta property=\"og:description\" content=\"By now, most people are familiar with the 2013 data breach reported by Target. Described as one of the largest data breaches in U.S. history, Target\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.lindabury.com\/firm\/insights\/lessons-learned-targets-data-breach-settlement.html\" \/>\n<meta property=\"og:site_name\" content=\"Lindabury, McCormick, Estabrook & Cooper, P.C. Firm News & Events\" \/>\n<meta property=\"article:published_time\" content=\"2017-06-15T15:40:37+00:00\" \/>\n<meta name=\"author\" content=\"Eric B. Levine\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Eric B. Levine\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Lessons Learned from Target\u2019s Data Breach Settlement — June 15, 2017 — Lindabury, McCormick, Estabrook & Cooper, P.C. Firm News & Events","description":"By now, most people are familiar with the 2013 data breach reported by Target. Described as one of the largest data breaches in U.S. history, Target","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.lindabury.com\/firm\/insights\/lessons-learned-targets-data-breach-settlement.html","og_locale":"en_US","og_type":"article","og_title":"Lessons Learned from Target\u2019s Data Breach Settlement — June 15, 2017 — Lindabury, McCormick, Estabrook & Cooper, P.C. Firm News & Events","og_description":"By now, most people are familiar with the 2013 data breach reported by Target. Described as one of the largest data breaches in U.S. history, Target","og_url":"https:\/\/www.lindabury.com\/firm\/insights\/lessons-learned-targets-data-breach-settlement.html","og_site_name":"Lindabury, McCormick, Estabrook & Cooper, P.C. Firm News & Events","article_published_time":"2017-06-15T15:40:37+00:00","author":"Eric B. Levine","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Eric B. Levine","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.lindabury.com\/firm\/insights\/lessons-learned-targets-data-breach-settlement.html","url":"https:\/\/www.lindabury.com\/firm\/insights\/lessons-learned-targets-data-breach-settlement.html","name":"Lessons Learned from Target\u2019s Data Breach Settlement — June 15, 2017 — Lindabury, McCormick, Estabrook & Cooper, P.C. Firm News & Events","isPartOf":{"@id":"https:\/\/www.lindabury.com\/firm\/#website"},"datePublished":"2017-06-15T15:40:37+00:00","author":{"@id":"https:\/\/www.lindabury.com\/firm\/#\/schema\/person\/429b3bd6b52a7aa6eb9a0709bbb4d06f"},"description":"By now, most people are familiar with the 2013 data breach reported by Target. Described as one of the largest data breaches in U.S. history, Target","breadcrumb":{"@id":"https:\/\/www.lindabury.com\/firm\/insights\/lessons-learned-targets-data-breach-settlement.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.lindabury.com\/firm\/insights\/lessons-learned-targets-data-breach-settlement.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.lindabury.com\/firm\/insights\/lessons-learned-targets-data-breach-settlement.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"\/"},{"@type":"ListItem","position":2,"name":"Insights","item":"https:\/\/www.lindabury.com\/firm\/insights"},{"@type":"ListItem","position":3,"name":"Lessons Learned from Target\u2019s Data Breach Settlement"}]},{"@type":"WebSite","@id":"https:\/\/www.lindabury.com\/firm\/#website","url":"https:\/\/www.lindabury.com\/firm\/","name":"Lindabury, McCormick, Estabrook & Cooper, P.C. Firm News & Events","description":"Published by Lindabury, McCormick, Estabrook & Cooper","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.lindabury.com\/firm\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.lindabury.com\/firm\/#\/schema\/person\/429b3bd6b52a7aa6eb9a0709bbb4d06f","name":"Lindabury, McCormick, Estabrook & Cooper, P.C.","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.lindabury.com\/firm\/#\/schema\/person\/image\/3f2ca7450f0195db092bccff4fb8982e","url":"https:\/\/secure.gravatar.com\/avatar\/a19d0fac94b8d3d657028926f65c841917c5f8f0dd3f23ad394e83f16c690e09?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a19d0fac94b8d3d657028926f65c841917c5f8f0dd3f23ad394e83f16c690e09?s=96&d=mm&r=g","caption":"Lindabury, McCormick, Estabrook & Cooper, P.C."},"sameAs":["https:\/\/www.lindabury.com"]}]}},"yoast":{"focuskw":"","title":"","metadesc":"","linkdex":"","metakeywords":"","meta-robots-noindex":"","meta-robots-nofollow":"","meta-robots-adv":"","canonical":"","redirect":"","opengraph-title":"","opengraph-description":"","opengraph-image":"","twitter-title":"","twitter-description":"","twitter-image":""},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.lindabury.com\/firm\/wp-json\/wp\/v2\/posts\/2898","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lindabury.com\/firm\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lindabury.com\/firm\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lindabury.com\/firm\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lindabury.com\/firm\/wp-json\/wp\/v2\/comments?post=2898"}],"version-history":[{"count":1,"href":"https:\/\/www.lindabury.com\/firm\/wp-json\/wp\/v2\/posts\/2898\/revisions"}],"predecessor-version":[{"id":2899,"href":"https:\/\/www.lindabury.com\/firm\/wp-json\/wp\/v2\/posts\/2898\/revisions\/2899"}],"wp:attachment":[{"href":"https:\/\/www.lindabury.com\/firm\/wp-json\/wp\/v2\/media?parent=2898"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lindabury.com\/firm\/wp-json\/wp\/v2\/categories?post=2898"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lindabury.com\/firm\/wp-json\/wp\/v2\/tags?post=2898"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.lindabury.com\/firm\/wp-json\/wp\/v2\/coauthors?post=2898"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}