It's been two years since a massive data breach resulted in millions of Target customers having personal information stolen, but the financial repercussions are still being sorted out.
The Minneapolis-based retailer is one step closer to the end however after it reached a $39 million settlement to repay banks that issued credit or debit cards compromised in the data breach, an email news release said Wednesday.
Target will pay up to $20.25 million directly to settlement class members, and $19,107,939.38 to MasterCard to fund the Account Data Compromise program, according to the agreement. A proposed $19 million settlement with MasterCard had been rejected this past spring.
The money is essentially to pay back banks, who spent millions of dollars reimbursing customers for fraudulent purchases and sending out new payment cards, Reuters writes.
According to The Hill, the attack cost Target $162 million through Jan. 31 of this year.
In the 2013 holiday season breach, hackers stole the payment card information of an estimated 40 million customers, plus other personal information from millions more.
More on the settlement
Who's eligible for the new settlement?
U.S. financial institutions (such as banks) that issued payment cards (credit or debit cards, for example) that were identified as being put at risk from the breach.
The agreement still has to be approved, first at a preliminary hearing Wednesday and then at a final hearing next year. If it's given the OK, the release says it will the "the first class-wide data breach settlement ever reached on behalf of financial institutions."
In August, Target reached a settlement with Visa that was worth an estimated $67 million.
A $10 million settlement with affected customers was agreed to in March.