Breach, Data Security

SEC will not fine Target in aftermath of 2013 breach


The Securities and Exchange Commission (SEC) will not penalize Target Corp. for a cyberattack two years ago, according to the StarTribune. In the breach, which occurred during the 2013 holiday season, cyberthieves accessed point-of-sale terminals at hundreds of Target stores and siphoned off the credit card and other personal information of as many as 110 million customers.

While the government watchdog agency said it “does not intend to recommend an ­enforcement action against [Target],” the Minneapolis-based big-box retailer still faces sanctions from the Federal Trade Commission (FTC), state attorneys general and others as a consequence of the incursion and is expected to bear further expenses from settlements and penalties.

In its quarterly 10-Q filing with the SEC [PDF], Target reported it had already shelled out $264 million in cumulative expenses. Factoring in insurance recoveries of $90 million, that still leaves the retailer with net cumulative expenses of $174 million, so far.

Hundreds of lawsuits filed after the breach were consolidated into three bodies of litigation. One, composed of consumers, was settled earlier this year for $10 million. Another involving credit card companies and bank issuers was partly settled last week when Target and Visa came to an agreement for $67 million. A settlement with MasterCard for $19 million was denied at the eleventh hour by a federal judge and is being renegotiated. As well, class action lawsuits and a suit in Canada are on the docket.

Beth Jacob, the company's CIO, resigned soon after the breach, in March 2014. Gregg Steinhafel, the company's CEO, resigned two months later, after 35 years with the brand. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.