Target, the US retail giant, has agreed to a $10 million settlement after its data breach in 2013 which compromised consumers’ personal information.
Although the deal has not yet been approved by a federal court, the proposed settlement would see the company deposit the $10m into an interest bearing escrow account. This money would then be used to pay individual victims up to $10,000 in damages.
For victims, the claims process will be primarily processed through a dedicated website.
As part of the proposal, the company will have to improve its data security by implementing such measures as a appointing a CISO.
Target spokeswoman, Molly Snyder, said: "We are pleased to see the process moving forward and look forward to its resolutions."
While this is a significant step, the legal process is still far from over. Customers will be able to file objections to the proposed settlement and a final hearing on the settlement won’t be heard until the 10th of November.
The data breach in 2013 saw hackers steal credit and debit card information for 40 million Target customers.
Additional information was revealed to have been stolen, over a year after the original breach, including the mailing addresses and other personal information of between 70 million and 110 million.
There is some overlap between these groups, according to Target.
The proposed $10,000 in damages will not be easy to get. Victims must be able to prove that unauthorised charges were made to their credit cards and that they invested time in addressing the fraudulent charges.
Victims must also prove that they incurred costs from correcting their credit reports due to being forced to replace various forms of identification.
