The US retail behemoth Target has agreed to pay $18.5m as compensation for the 2013 data breach that affected over 60m of its customers and 41m payment card accounts across 48 states.
Hackers used stolen credentials to exploit weaknesses in the company’s system, allowing them to infiltrate a customer service database, install malware and harvest a large crop of sensitive consumer data. Some six months later, Target noticed signs of malicious activity but chose to ignore it.
As well as shelling out millions of dollars, Target must, under the terms of the settlement, beef up its security systems by implementing better encryption, cardholder data security, password rotation and two-factor authentication. It also has to hire a security officer and have its systems checked by an independent assessor.
The story serves as a warning to businesses of all sizes – real legal and financial consequences can result from cyber incidents, and they can be all the more damaging when coupled with bad PR. So ensure you have a solid cybersecurity infrastructure in place and be prepared for when the worst happens.