Target has agreed to pay $10m worth of damages to victims of its 2013 “mega data breach”, in a proposed settlement to a class-action lawsuit against it.
CBS News reported the deal, claiming that if approved by a federal court judge, individual victims could be paid as much as $10,000 in damages.
Target had not responded to V3‘s request for comment on the report at the time of publishing.
The Target breach is believed to have occurred between 27 November and 15 December 2013, and saw hackers break into Target’s systems and steal customers’ credit and debit card numbers, card expiration dates and debit card PINs.
The hackers also stole as many as 70 million customers’ names, phone numbers and email and mailing addresses. Numerous security firms subsequently reported finding Target customer details being sold on a number of underground forums.
The data breach was credited as one of the biggest in history and led to a complete overhaul of Target’s security strategy and systems, as well as a shake-up in the firm’s upper management.
Target chief information officer (CIO) Beth Jacob resigned from her role in the wake of a data breach in March 2014. Target chief executive Gregg Steinhafel soon followed, stepping down from his role in May 2014.
The breach has already had serious financial consequences for Target. Target revealed that the cost of the breach had reached $162m in February.
The class-action lawsuit against it in the US District Court of Minnesota is one of many being mounted against Target. The US Department of Justice is also mounting its own investigation into the breach.
Target is one of many firms to suffer mass data breaches over the past few years. TalkTalk admitted falling victim to a data breach that let criminals defraud thousand of pounds from its customers in February.
Law enforcements have been racing to combat data breaches. US law enforcement charged three men believed to have been behind “the largest data breach in US history” in March.
US president Barack Obama outlined plans to create an improved data breach reporting regime for businesses hit by hackers in January.