According to the StarTribune, the Securities and Exchange Commission (SEC) will not penalize Target Corp. for a cyberattack two years ago.

The breach during the holiday season in 2013 affected hundreds of Target stores and siphoned off the credit card and other personal information of as many as 110 million customers.

The SEC is the only one not planning punitive actions against the company as the FTC plans on sanctions as well as state attorneys general and others as a consequence of the incursion and is expected to bear further expenses from settlements and penalties.

Cost of the incursions have been estimated by Target to be $264 million in cumulative expenses. Insurance covered about $90 million leaving the company with a loss of $174 million, so far.

Three lawsuits have been brought against the company. One was consumers which was settled for $10 million. Another involving credit card companies and bank issuers which was partly settled last week when Target and Visa came to an agreement for $67 million. Class action lawsuits and a suit in Canada are on the docket.

Beth Jacob, the company's CIO, resigned soon after the breach, in March 2014. Gregg Steinhafel, the company's CEO, resigned two months later, after 35 years with the company.

Source: SCMagazine