ComputerWeekly.com mentioned in this post that US retailer Target has agreed to an $18.5m settlement with 47 US states and the District of Columbia over its 2013 data breach that affected tens of millions of customers.
The settlement comes on top of the $202m Target has spent on legal fees and other costs since the breach, according to the company’s most recent annual statement.
What happened at Target’s?
Cyber attackers stole the payment card data of more than 41 million customers as well as the contact information of more than 60 million customers.
Thorough investigation showed that that cyber criminals had gained access to Target’s gateway server using credentials stolen they stole from a heating, ventilation and air conditioning contractor in November 2013.
This contractor was connected to Target’s systems to provide electronic billing services, contract submissions and project management services.
Once on the gateway server, the cyber criminals were then able to exploit weaknesses in the IT system to access a customer service database and install data stealing malware, stealing data such as customers’ full names, phone numbers, email addresses, home addresses and payment card data such as expiration dates, encrypted security codes and encrypted PINs.
Related posts
- Slovenia receives CEF Funding for e-invoicing adoption
- US Billtrust receives USD 50 million in funding
- “PEPPOL – Does anyone care?” [LinkedIN discussion]
- Italy wants to make B2B e-invoicing mandatory, combating VAT fraud
- Introducing: the E-invoicing Yearbook 2017 – Q1 [Free download]
- Thomas Bravo / Hyland buys Readsoft, Kofax, Perceptive Software from Lexmark
- Robotic Acccounting startup raises USD30 million investment
- Mandatory e-invoicing for Vietnamese companies as from 2018
- Five big benefits of UBL e-invoicing for the receiver
- OneTrail and Esker receive UBL Ready label; now 96 participants