The 2013 hack that caused one of the largest breaches in U.S. retail history continues to be a headache for Target Corp. Following the breach just before the holidays in 2013, Target was hit with consumer class action suits, suits by credit card companies, hostile shareholders at its shareholders’ meeting, and investigations by 47 state attorneys general and the District of Columbia (D.C.).

Target has announced that it has reached a settlement to end the investigation of the 47 state AGs and D.C. for $18.5 million—the largest data breach settlement with multiple AGs in history.

The investigation, led by the AGs of Connecticut and Illinois, alleged that Target failed to provide reasonable data security for the 40 million customers whose data was compromised in the 2013 cyber-attack. In addition to the monetary settlement, Target has agreed to boost its cybersecurity measures, employ an executive or officer in charge for executing its information security plan, provide free credit monitoring for those who were affected by the breach, segregate consumer data, maintain encryption policies, and keep its software up to date to prevent further vulnerabilities.

These are all good practices that companies may wish to implement before a massive data breach occurs.