Key takeaways

• Target’s $18.5 million settlement with the state attorneys general is the largest-ever regulatory settlement stemming from a data breach.
• It contains technical details that companies can review to glean what regulators consider baseline requirements for effective cybersecurity defense.
• In announcing the settlement, the Illinois attorney general drove home that point, stating that the settlement “establishes industry standards for companies that process payment cards and maintain secure information about their customers.”