State Settles With Target Over Data Breach

By Nick Gale, WLS-AM 890 News

(CHICAGO) — Attorney General Lisa Madigan Tuesday announced that Illinois led 47 states and the District of Columbia in reaching an $18.5 million settlement with the Target Corporation to resolve the states’ investigation into the company’s 2013 data breach. The settlement represents the largest multistate data breach settlement achieved to date and sets industry standards for better protecting consumers’ information from data breaches in the future.

 

The states’ investigation, led by Madigan and Connecticut Attorney General George Jepsen, found that cyber attackers accessed Target’s gateway server through credentials stolen from a third-party HVAC vendor on or about November 12, 2013. The credentials were used to exploit weaknesses in Target’s system, allowing the attackers to access a customer service database, install malware on the system and capture customer data, including full names, telephone numbers, email addresses, mailing addresses, payment card numbers, expiration dates, credit card verification codes and encrypted debit PINs.

 

The breach affected more than 41 million customer payment card accounts and contact information for more than 60 million customers.

 

“Today’s settlement with Target establishes industry standards for companies that process payment cards and maintain secure information about their customers,” Madigan said. “People must remain vigilant about activity on their credit and debit cards as it’s not a matter of if but when you are going to be a victim of identity theft or a security breach.”

 

The new industry standards require Target to:

 

— Develop, implement and maintain a comprehensive information security program
— Employ an executive or officer who is responsible for executing the plan
— Hire an independent, qualified third-party to conduct a comprehensive security assessment
— Maintain and support software on its network for data security purposes
— Maintain appropriate encryption policies, particularly as they pertain to cardholder and personal information data
— Segment its cardholder data environment from the rest of its computer network
— Undertake steps to control access to its network, including implementing password rotation policies and two-factor authentication

 

Illinois will receive more than $1.2 million from the settlement.

 

Copyright 2017 WLS-AM News

 
