In the largest multistate data breach settlement to date, Target Corporation recently agreed to pay $18.5 million, develop and implement an information security program and retain a third party to assess and report on the program. Target has now spent more than $200 million responding to the fallout from its 2013 holiday-season data breach. This settlement, along with the Safetech settlement in NY, is a clear indication that the state AGs are determined to have a say on best cybersecurity practices, experts told the Cybersecurity Law Report. This article addresses Target’s handling of the breach and its aftermath and offers compliance takeaways for other companies. See also “Lessons From the 2013 Target Data Breach: What Future Resolutions of Large-Scale Data Breaches May Look Like” (May 6, 2015).