The Securities and Exchange Commission decided not to penalize Target Corp. for the 2013 cyberattack that led to the exposure of data for millions of the retailer’s customers, the company said Tuesday.
The agency was one of several governmental entities to investigate the company in the wake of the attack, one of the largest against a U.S. company.
In its quarterly results document, filed with the SEC and published by the agency on the Internet for investors to see, Target said the investigation ended during the May-to-July period. It said the SEC “does not intend to recommend an enforcement action against us.”
Many California state agencies are not complying with the state’s information technology standards, leaving them vulnerable to a major security breach of sensitive data such as Social Security numbers, health information or tax returns, the state auditor reported Tuesday.
“Our review found that many state entities have weaknesses in their controls over information security. These weaknesses leave some of the state’s sensitive data vulnerable to unauthorized use, disclosure, or disruption,” Auditor Elaine Howle wrote in the report.