DENVER — Colorado Attorney General Cynthia Coffman said Wednesday the $18.5 million settlement with Target is the largest multistate data breach settlement achieved to date.
Colorado will receive $278,914 from the settlement.
The breach affected more than 41 million customer payment card accounts and contact information for more than 60 million customers. An estimated 1 million Colorado consumers were affected by the breach.
Coffman will convene a working group over the summer focused on strengthening Colorado’s data breach laws and privacy protections.
Cyberattackers accessed Target’s gateway server in November 2013 through credentials stolen from a third-party vendor.
The credentials were then used to exploit weaknesses in Target’s system, allowing the attackers to access a customer service database and capture data.
The settlement also requires Target to develop a security program, hire a third party to conduct a comprehensive security assessment and undertake steps to control access to its network.