Target has agreed to pay out a total of $10m (£6.74m) to people affected by a data breach in 2013, according to reports.
Each claimant will get up to $10,000 in damages under the proposed settlement of a class-action lawsuit, pending court approval.
Target has said at least 40 million credit cards were compromised in the breach during the 2013 holiday shopping season and may have resulted in the theft of as many as 110 million people’s personal information, such as email addresses and phone numbers.
Consumers said that their credit card details were among the data leaked.
The proposal also requires Target to adopt and implement data security measures.
The claim form asks victims whether they used a credit or debit card at any U.S. Target store, excluding the Target.com website, between Nov. 27, 2013 through Dec. 18, 2013.
Other questions ask if the claimant received a breach notice or if they believed that their personal information was compromised.
Many customers will likely not be able to prove that they lost money due to hacker activities.This is common, said Sasha Romanosky, who researched the economics of information security at Carnegie Mellon University in Pittsburgh and is now a policy researcher with the RAND Corp.
There must be very clear proof of actual harm. Courts don’t typically allow victims to claim redress simply for an invasion of privacy, he said.
“We are pleased to see the process moving forward and look forward to its resolution,” said Target spokeswoman Molly Snyder.
Target will deposit the settlement amount into an interest bearing escrow account under the settlement and claims will be submitted and processed primarily online through a dedicated website.
A US judge in December cleared the way for consumers to sue the retailer over the breach, rejecting Target’s argument that the consumers lacked standing to sue because they could not establish any injury.