On Thursday, a Minnesota federal judge preliminarily approved a $10 million settlement in the class action lawsuit filed against retail giant Target over a massive data breach that compromised sensitive customer data during the 2013 holiday shopping season. According to reports, consumers affected by the cyberattack—in which personal information such as email and mailing addresses and credit and debit card data were stolen—could be eligible to receive up to $10,000 each in damages.
“We are pleased to see the process moving forward and look forward to its resolution,” a Target spokeswoman said.
As reported by the New York Times, Target initially estimated that the credit and debit card information for 40 million customers had been taken in the breach. In 2014, the company admitted other information, such as email and mailing address, were also stolen by hackers, and that between 70 million and 110 million people affected, more than doubling the company’s initial damage estimates. According to reports, Target’s computer security system alerted the company to suspicious activity after its networks had already been infiltrated, but the alert was ignored.
As part of the terms of the settlement, Target must beef up its protection of customer information, including creating a plan to respond to any future data breach and providing cyber security training to employees.
Target still faces lawsuits from three of the four major credit card companies.