CNBC:
Target on Tuesday agreed to pay $18.5 million to settle claims by 47 states and the District of Columbia and resolve a multi-state investigation into the retailer’s massive data breach in late 2013. The investigation — led by the Attorneys General of Connecticut and Illinois — found that cyber attackers had accessed Target’s gateway server through credentials stolen from a third-party vendor, New York Attorney General Eric Schneiderman said in a statement on Tuesday.