Target to pay Iowa for 2013 data breach

More than three years after its massive data breach, Target Corp. will pay Iowa and 46 other states a total of $18.5 million to settle an investigation into the breach.

The Minneapolis-based retailer will make a $229,000 payment to Iowa, the state's attorney general announced Tuesday.

The 2013 breach included the theft of about 40 million debit and credit card accounts, and the theft of other information for tens of millions of customers. The breach, which Target disclosed in late 2013, resulted in a financial hit for the company and the ouster of its then-CEO.

'The Target data breach was particularly deep and wide, and affected a staggering number of consumers across Iowa and across the country,” Iowa Attorney General Tom Miller said in a statement. 'Cyber attackers who scoop up this type of digital information jeopardize their victims' financial health, and companies that store our personal information simply must do everything they can to protect it.”

California received $1.4 million from the settlement with Target, the largest share of any state.

Iowa's share of the settlement will go to the state's consumer education and litigation fund, the Attorney General's Office said.

In addition to payment, the multistate settlement requires Target to upgrade and maintain its cybersecurity protections and hire a third party to do a comprehensive assessment of those systems.

Consumers who think they've their information has been stolen should monitor their bank accounts for unauthorized transactions. If an unauthorized charge is noticed, consumers should contact their card issuer to challenge it.

l Comments: (319) 398-8366; matthew.patane@thegazette.com