Target Settles with NH

The states’ investigation found that on or about November 12, 2013, cyber attackers accessed Target’s gateway server through credentials stolen from a third-party vendor. The credentials were then used to exploit weaknesses in Target’s system, which allowed the attackers to access a customer service database, install malware on the system, and capture data, including consumer data consisting of full names, telephone numbers, email addresses and mailing addresses; payment card numbers, expiration dates and CVV1 codes; and encrypted debit PINs. The breach affected more than 41 million customer payment card accounts and contact information for more than 60 million customers.
In addition to the monetary payment to the states, the settlement agreement requires Target to develop, implement and maintain a comprehensive information security program and to employ an executive or officer who is responsible for executing the plan. The company is required to hire an independent, qualified third party to conduct a comprehensive security assessment.
The settlement further requires Target to maintain and support software on its network; to maintain appropriate encryption policies, particularly as they pertain to cardholder and personal information data; to segment its cardholder data environment from the rest of its computer network; and to undertake steps to control access to its network, including implementing password rotation policies and two-factor authentication for certain accounts.
New Hampshire will receive $186,721.17 from the settlement.
