Target has agreed to pay $39.4 million to resolve claims by banks and credit union that they lost money following the retailer’s data breach in 2013.
The settlement was reached after a class-action lawsuit was filed by lenders seeking to hold Target responsible for their costs associated with reimbursing fraudulent charges and issues new credit and debit cards.
At least 40 million credit and debit cards were compromised during the breach. Target estimated that upwards of 110 million customers may have suffered some type of personal data theft from the breach.
Target has said at least 40 million credit cards were compromised in the breach, and that as many as 110 million people may have suffered the theft of personal information such as email addresses and phone numbers.
Wednesday’s settlement requires Target to pay as much as $20.25 million to banks and credit unions, and $19.11 million to reimburse MasterCard Inc card issuers.
Target and MasterCard reached an agreement in April, but it was rejected the next month when card issuers said the sum too low.
The settlement won preliminary approval from U.S. District Judge Paul Magnuson in St. Paul, Minnesota, who called it “fair, reasonable and adequate,” court records showed.
A hearing on final approval was scheduled for May 10, 2016.
Target previously agreed to pay Visa Inc card issues $67 million over the breach. The company also reached a $10 million settlement with shoppers.
The retail giant has paid about $290 million in charges related to the breach. Insurers are expected to reimburse $90 million.
The company is still facing shareholder lawsuits and US government probes.