What regulatory fines or settlements has Target paid in the last decade?
This fact-check may be outdated. Consider refreshing it to get the most current information.
Executive summary
Target has paid multiple regulatory settlements tied chiefly to its 2013 data breach, including multistate agreements described as totaling $18.5 million from Texas (announced Dec. 2025) and earlier multistate actions characterized as the largest data‑breach multistate settlement to date (noting the same $18.5m figure in state press releases) [1] [2]. Available sources do not provide a comprehensive decade-long list of every fine or settlement Target paid; reporting returned here focuses on data‑breach and litigation settlements through 2025 and on class‑action activity and attempts to settle investor suits [1] [3] [4].
1. The headline: data‑breach settlements remain the clearest documented regulatory hit
The most concrete regulatory settlement documented in the provided reporting concerns Target’s 2013 payment‑card data breach: Texas AG Ken Paxton announced an $18.5 million multistate settlement in December 2025 resolving a multistate investigation into the breach that exposed more than 41 million payment card accounts and contact data for over 60 million customers [1]. The District of Columbia’s press material frames a related multistate settlement as the largest multistate data‑breach settlement achieved to date and lists the same facts about scope and required security improvements, showing state regulators extracted both money and remediation commitments [2].
2. What regulators got beyond money: operational and security undertakings
State settlement documents require Target to adopt and maintain a comprehensive information‑security program, designate an executive responsible for that program, maintain software support and encryption policies, segment cardholder data environments, and implement stronger access controls including password rotation and two‑factor authentication—standard remedial terms aimed at preventing repeat incidents [2]. The settlements therefore combine cash payments with enforceable behavioral change, not just fines [2].
3. Other civil and class actions around which Target has sought to settle or been litigated
Sources show Target has been involved in a variety of lawsuits and settlement discussions beyond the data breach. Reporting references investor and shareholder litigation tied to corporate decisions — for example, a shareholder suit alleging stock drops tied to Pride Month marketing, for which Target entered settlement talks in early 2025 [4]. Class‑action settlement databases and reporting list numerous consumer suits historically tied to Target (including long‑running data‑breach class actions stemming from 2013), but those summaries in the provided results do not enumerate final dollar totals across the decade [3] [5].
4. Limits of the available reporting: gaps and what’s not found
Available sources here do not provide a comprehensive ledger of every regulatory fine, consent order, or settlement Target paid from 2015–2025; they spotlight specific high‑profile matters (notably the 2013 breach‑related multistate settlements finalized or announced in 2025) and ongoing litigation activity such as investor suits [1] [4] [3]. They also do not list any federal criminal fines or Securities and Exchange Commission monetary penalties on Target within this collection; therefore any claim that Target paid other specific regulatory fines in the last decade is not supported by these sources — "available sources do not mention" such items [1] [4].
5. Competing narratives and implicit agendas in the record
State attorneys general frame the 2013 breach settlements as consumer‑protective victories that include remediation obligations and historic monetary recoveries, a narrative that underscores enforcement competence and deterrence [2]. Industry and business coverage — for example, corporate earnings releases that note litigation‑related items in adjusted results — treat settlements as one‑off adjustments to financials and emphasize ongoing operational performance [6]. Advocacy groups or plaintiffs’ counsel pushing class claims may portray settlements as validation of systemic failure; state regulators emphasize remediation and deterrence [2] [6].
6. Why this matters to shareholders, customers and regulators going forward
Monetary settlements and mandated security reforms impose both direct costs and compliance obligations on Target; they also shape investor calculations (Target’s earnings commentary notes litigation settlements can affect GAAP vs. adjusted EPS) [6]. For consumers, state‑level enforcement imposes contractual remediations intended to reduce future risk [2]. For regulators, the multistate approach demonstrates that coordinated state enforcement remains a primary tool for large corporate data‑breach accountability [2].
If you want a chronological list of every Target fine or settlement from 2015–2025, I can compile that — but I will need access to broader sources (court dockets, SEC filings, state AG press archives and Target’s 10‑K/10‑Q disclosures) because the current set of sources does not provide a complete decade‑long inventory (available sources do not mention a full list) [1] [4].