Business Litigation Alert: "Expect More. Pay More. No Sale for Target After Paying Out Over $60M in Data Breach Settlements"
Last week, Target announced that it reached a settlement of $18.5 million with attorney generals in 47 states and the District of Columbia over the massive security breach it suffered in 2013 (see here). In the 2013 data breach, hackers were able to access names, credit card numbers, and additional information concerning approximately 40 million Target customers. This incident has proved to be very costly for Target. The company has already paid out settlements of $39 million to banks that incurred fraudulent charges as a result of the data breach and $10 million to consumers whose personal information was compromised. In fact, Target reportedly has spent upwards of $202 million in legal fees and other costs since that breach.
Part of the settlement requires Target to improve its digital security measures. At the time of the breach, the company acknowledged it missed “warning” signs.
So, what can companies do to avoid the same costly fate as Target? While there is no fail-safe way to prevent a data breach from ever occurring, there are steps you can take to lessen the impact if it does happen.
- Tighten your digital security. This cannot be stressed enough. You cannot prevent a data breach without the appropriate protections in place. Evaluate what you currently have in place and consider whether it provides enough protection for your company, clients and customers. If you house a great deal of sensitive data, it might be time for an upgrade.
- Have a breach response plan in place. Consider a variety of situations. What is your response if your employee’s, customer's, or confidential client data is compromised? Make sure this includes everything from handling the breach from an IT perspective to notifying those impacted to communicating with the media. You should also have a breach response team in place that includes your executive team, HR, PR and Marketing, as well as IT.
- Test your response plan. Practice makes perfect, and that applies here as well. You should run test scenarios of your response plan, using a variety of potential situations to test your team and your plan. Evaluate after each test and look for those places where you can improve.
Taking these steps will help to make sure you and your company are prepared should a breach occur, and will also help in the event of litigation following a breach. The more you can demonstrate reasonable steps at prevention and response, the less likely you will be to find yourself in the costly situation Target is in today.