May 23 (UPI) -- Target said it will pay $18.5 million to 47 states and the District of Columbia as part of a settlement over a 2013 data breach that compromised the data of 110 million customers.
The Minneapolis-based retailer also will tighten its digital security, maintaining software and encryption programs to safeguard the personal information of customers, according to the settlement with state attorneys general released Tuesday.
Target will be required to separate its cardholder data from the rest of its computer network and employ an executive to manage a "comprehensive information security program."
Target said it was "pleased to bring this issue to a resolution for everyone involved."
Alabama, Wisconsin and Wyoming were not part of the settlement.
On Dec. 19, 2013, during the biggest shopping season of the year, Target confirmed hackers breached security at U.S. stores and obtained names, credit card numbers and other information of 110 million customers.
After an internal review, Target acknowledged that it had missed signs of the data breach. It led to the resignation of longtime Target CEO Gregg Steinhafel.
California will receive the largest settlement of any state, more than $1.4 million. California Attorney General Xavier Becerra said the money will be used for enforcing consumer protection laws.
"Families should be able to shop without worrying that their financial information is going to get stolen, and Target failed to provide this security," Becerra said in a statement. "This should send a strong message to other companies: You are responsible for protecting your customers' personal information."
Target shares fell 1.7% on Tuesday to $54.49.