SEC Determines No Enforcement Action Over Target’s Data Breach

The U.S. Securities and Exchange Commission won’t pursue an enforcement action against Target Corp. after hackers stole data on 40 million credit and debit cards during the 2013 holiday shopping season, according to a regulatory filing.

The agency finished its probe during Target’s second quarter this year, which ended Aug. 1, the Minneapolis-based retailer said in a regulatory filing Tuesday. The Federal Trade Commission and state attorneys general are still investigating the breach.

Hackers stole credit- and debit-card data, as well as personal information, for as many as 110 million Target customers during the 2013 holiday season. Last week the retailer reached a settlement with Visa Inc. over the attack and will pay as much as $67 million to banks that issue Visa cards, a person familiar with the matter said at the time. Target also agreed to pay $10 million to customers whose personal information may have been taken.

Molly Snyder, a spokeswoman for Target, wasn’t immediately able to comment on the filing.

The SEC has the authority to impose penalties on companies that don’t disclose the magnitude of data breaches or fail to properly detail their policies and procedures in protecting consumer data. Erin Stattel, an SEC spokeswoman, declined to comment.

(With assistance from Shannon Pettypiece in New York.)