Target Corp. will pay $18.5 million to 47 states as part of a settlement related to a 2013 data breach that exposed personal information on millions of customers.

Alabama won't be cashing in on the largest multi-state data breach settlement in history, however.

The reason, according to the Alabama Attorney General's Office, is the absence of a state law that requires entities to notify customers whose information could have been exposed in a breach and then take steps to remediate any injuries.

"Alabama is one of the few states in the nation that is not a party to the recent Target settlement because our state does not have data breach notification law," said Mike Lewis, Communications Director for the Office of the Alabama Attorney General.

According to the National Conference of State Legislatures, states with security breach laws have provisions specifying which entities must comply with the regulations, as well as definitions of what qualifies as "personally identifiable information," such as Social Security numbers, driver's license or state ID numbers, and account numbers. The laws typically define what constitutes a breach and how those affected by a cyber intrusion must be notified.

The absence of that law precludes Alabama from taking part in the Target settlement. The two other states not in the settlement - Wyoming and Wisconsin - do have data breach laws but are not participating in the settlement.

Recent efforts to pass data breach notification laws in Alabama have failed.

States cash in on Target settlement

The payouts from the Target settlement vary widely, with Kentucky slated to receive $209,000 while neighboring Indiana will get $623,000. California will receive the most - $1.4 million.

According to Target, information on more than 41 million customer payment accounts was exposed during the 2013 cyber intrusion. The malware used in the hack exposed a range of customer data including full names, telephone numbers, email and mailing addresses, payment card numbers, expiration dates, security codes, and PIN numbers.

In addition to the settlement payments, Target will also be required to adopt advanced security measures to protect customer information and must hire an executive to oversee an information security program. Target will also be required to encrypt and protect payment card information that is received so that it is unusable if stolen.

Target estimates the total cost of the breach at more than $200 million.