Target Corp. agreed to resolve a case with customers, whose personal information was stolen in a 2013 data breach, by reaching a $10 million settlement, according to court documents filed Wednesday. The 97-page settlement said that victims would be eligible for up to $10,000 in compensation each from the $10 million fund, if they are able to provide documentation that proves financial losses on their part, Reuters reported.
The data breach, one of the largest reported in recent times, occurred between November and December in 2013, just as Black Friday began. Information from as many as 40 million credit and debit cards was stolen from their magnetic stripes. Investigators believe the data was stolen through software installed on payment terminals that read the cards. The breach, which reportedly affected nearly all of Target’s 1,797 stores in the U.S., was estimated to cost up to $148 million.
The proposal would also require Target to adopt new data security measures like appointing an information security officer and maintaining a dedicated program. "We are pleased to see the process moving forward and look forward to its resolution," Target spokeswoman Molly Snyder told Reuters.
The proposed settlement reportedly states that Target believes a total of 102 million people could claim part of the settlement fund, but notes that some of those numbers are likely due to double entries of some data breach victims. The claims will be submitted and processed through a dedicated website, the company said in the court documents.
In a report last March, the Senate Commerce, Science and Transportation Committee said Target had not heeded warnings about malware being installed on its systems, and failed to heed other security red flags.
Target CEO Gregg Steinhafel resigned in May over the breaches, and the company brought in Brian Cornell to replace him. CBS reported that a hearing on the settlement, which still requires court approval, is scheduled for Thursday.