Target is proposing to pay customers who suffered from a 2013 data breach up to $10,000 each in damages.
The proposal is part of a $10 million offer by Target to settle a class action lawsuit. Victims able to prove they were harmed by the breach, which affected up to 110 million customers, will be eligible for up to $10,000 each.
The settlement, which was detailed in court papers filed Wednesday, must still be approved by a federal judge.
In addition, Target is required to improve its data security, including the designation of a chief information security officer. The company must also provide security training to its employees.
The data breach at Target, which took place during the height of the 2013 holiday shopping season, was one of the largest in U.S. corporate history.
As many as 70 million customers had information such as their name, address, phone number and e-mail address hacked in the breach. Another 40 million customers may have also had credit or debit card information stolen.
After the data breach was discovered, Target offered one year of free credit monitoring and identity theft protection to all customers who shopped in U.S. stores.
Target did not immediately respond to a request for comment.
Under the terms of the proposed settlement, Target customers who can prove they were damaged by the data breach will get the first shot at the $10 million. For example, victims will be reimbursed for unauthorized credit card charges, bank fees or costs related to replacement IDs — so long as they are documented.
After those claims are paid, any remaining settlement funds will be evenly distributed to class members without documentation.
The proposed settlement could be approved during a hearing scheduled for Thursday in St. Paul.