Consumer Alert

Alaska Joins Settlement with Target Corporation over 2013 Data Breach

On May 23, 2017, Alaska joined 46 states and the District of Columbia in a settlement with Target Corporation to resolve the states’ investigation into the retail company’s 2013 data breach.

The states’ investigation found that in November 2013, cyber attackers accessed Target’s gateway server through credentials stolen from a third-party vendor. The credentials were then used to exploit weaknesses in Target’s system, which allowed the attackers to access a customer service database, install malware on the system, and access consumer payment card data. The consumer data accessed by the hackers included full names, telephone numbers, email addresses, mailing addresses, payment card numbers, expiration dates, CVV1 codes, and encrypted debit PINs.

The breach affected more than 41 million customer payment card accounts and contact information for more than 60 million customers nationwide.

The settlement requires that Target develop, implement, and maintain a comprehensive information security program, and to undertake steps to control access to its network. Alaska will receive $171,667 under the settlement.

Consumer Protection Unit
June 2017