Target US has agreed to pay US$10 million (A$13 million) in a proposed settlement of a class-action lawsuit related to its 2013 data breach that exposed sensitive customer information.
Under the proposal, which requires federal court approval, Target will deposit the settlement amount into an interest bearing escrow account, to pay individual victims up to US$10,000 in damages.
The claims will be submitted and processed primarily online through a dedicated website, according to the court documents.
The proposal also requires Target to adopt and implement data security measures such as appointing a chief information security officer - which it did mid last year - and maintaining a written information security program.
"We are pleased to see the process moving forward and look forward to its resolution," a Target spokeswoman said.
Target has said at least 40 million credit cards were compromised in the breach during the 2013 holiday shopping season and may have resulted in the theft of as many as 110 million people's personal information, such as email addresses and phone numbers.
A US judge in December cleared the way for consumers to sue the retailer over the breach, rejecting Target's argument that the consumers lacked standing to sue because they could not establish any injury.