Target has agreed to pay $10 million in a proposed settlement of a class-action lawsuit related to a huge 2013 data breach that consumers say compromised their personal financial information, court documents show.
Under the proposal, which requires federal court approval, Target will deposit the settlement amount into an interest-bearing escrow account, to pay individual victims up to $10,000 in damages.
The claims will be submitted and processed primarily online through a dedicated website, according to the court documents.
The proposal also requires Target to adopt and implement data security measures such as appointing a chief information security officer and maintaining a written information security program.
“We are pleased to see the process moving forward and look forward to its resolution,” said Target spokeswoman Molly Snyder.
CBS News, which earlier reported the settlement, said a court hearing on the proposed settlement was set for Thursday in St. Paul, Minn.
Target has said at least 40 million credit cards were compromised in the breach during the 2013 holiday shopping season, and the attack may have resulted in the theft of as many as 110 million people’s personal information, such as email addresses and phone numbers.
A U.S. judge in December cleared the way for consumers to sue the retailer over the breach, rejecting Target’s argument that the consumers lacked standing to sue because they could not establish any injury.
The case is In re: Target Corporation Customer Data Security Breach Litigation, U.S. District Court, District of Minnesota, No. 14-md-02522.
(Reporting by Peter Cooney in Washington and Supriya Kurane in Bengaluru; Editing by Eric Walsh and Anupama Dwivedi)
This article originally appeared on Recode.net.