Target data breach results in settlement for Coloradans

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

DENVER — Colorado Attorney General Cynthia Coffman said Wednesday the $18.5 million settlement with Target is the largest multistate data breach settlement achieved to date.

Colorado will receive $278,914 from the settlement.

The breach affected more than 41 million customer payment card accounts and contact information for more than 60 million customers.  An estimated 1 million Colorado consumers were affected by the breach.

Coffman will convene a working group over the summer focused on strengthening Colorado’s data breach laws and privacy protections.

Cyberattackers accessed Target’s gateway server in November 2013 through credentials stolen from a third-party vendor.

The credentials were then used to exploit weaknesses in Target’s system, allowing the attackers to access a customer service database and capture data.

The settlement also requires Target to develop a security program, hire a third party to conduct a comprehensive security assessment and undertake steps to control access to its network.