Target Corp. and lawyers for customers whose personal information was stolen in a 2013 data breach have agreed on a $10 million settlement, according to court documents filed Wednesday.
Lawyers for customers who filed the class-action suit in U.S. District Court in Minneapolis, where Target is headquartered, asked the court to approve Target's offer, which the two sides agreed to last week, according to the documents. Target said as many as 40 million credit and debit card accounts may have been affected by the breach, which occurred between Nov. 27 and Dec. 15, 2013, at the height of the holiday shopping season.
In addition to the monetary awards — which the settlement would cap at $10,000 per victim — Target agreed to appoint a chief information security officer to oversee information security and to train employees in securing costumers' personally identifiable information.
A Target spokeswoman said in a statement: "We are pleased to see the process moving forward and look forward to its resolution."
In a report last year, the Senate Commerce, Science and Transportation Committee accused Target of having failed to respond to warnings that malware had been installed on its system and of having missed several other opportunities to thwart the hackers. Chief Executive Gregg Steinhafel resigned, and Target hired Brian Cornell, a former PepsiCo and Wal-Mart executive, to steer the retailer on a path to regain customer confidence.