Target has proposed to pay $10 million to settle a class-action lawsuit over its massive 2013 data breach, according to court documents filed in the U.S. District Court in Minnesota on Wednesday.
The settlement, if approved by a judge, would allow individual shoppers to receive up to $10,000 damages if they can prove they endured losses stemming from Target’s data breach. Up to 40 million shoppers had their credit card data stolen during the breach, while up to 70 million had personal information such as addresses and phone numbers stolen.
The settlement also states that Target will create a new position, a chief information security officer, who will be responsible for protecting customer data. Target promises in the court documents that it will implement a program to train Target employees on security practices and will periodically review its safeguards to make sure they are sufficient to protect consumers.
“We are pleased to see the process moving forward and look forward to its resolution,” said Molly Snyder, a Target spokeswoman, in an e-mail.
The breach took place at the height of holiday shopping in 2013 and deeply wounded Target’s sales.
