NEW YORK – Target Corp. has reached an $18.5 million settlement over a massive data breach that occurred before Christmas in 2013, New York’s attorney general announced Tuesday.

The agreement involving 47 states and the District of Columbia is the largest multistate data breach settlement to date, Attorney General Eric T. Schneiderman’s office said. The settlement, which stipulates some security measures the retailer must adhere to, resolves the states’ probe into the breach.

Target spokeswoman Jenna Reck said in a statement that the company has been working with state authorities for several years to address claims related to the breach.

“We’re pleased to bring this issue to a resolution for everyone involved,” she said.

Target had announced the breach on Dec. 19, 2013, saying it occurred between Nov. 27 and Dec. 15 of that year. It affected more than 41 million customer payment card accounts and exposed contact…