Target said it had agreed to reimburse about $19 million to financial institutions who had issued MasterCard-branded cards that were a part of the massive data breach at the retailer in 2013.
The amount under the settlement with MasterCard covers costs that banks incurred to reissue credit cards and debit cards to customers as a result of the breach, Target said in a statement on Wednesday.
In 2013, Target said at least 40 million credit cards were compromised by the breach during the holiday shopping season, and the attack might have resulted in the theft of personal information, such as email addresses and telephone numbers, from as many as 110 million people.
The payments will be made by the end of the second quarter and are conditioned on issuers of at least 90 percent of eligible account holders accepting the offer by May 20, Target said.
The company added that the estimated cost of the settlement was already reflected in the liabilities established in fiscal 2013 and 2014.
The settlement does not include financial institutions that issue Visa-branded cards. Target is negotiating separately with Visa, the Wall Street Journal reported on Tuesday.
Target’s shares were up less than a percent at $82.71 in trading after the bell on Wednesday.
(Reporting by Shailaja Sharma in Bengaluru; Editing by Savio D’Souza)
This article originally appeared on Recode.net.