Target to pay $10 million to victims of data breach

A proposed settlement of a class-action lawsuit would offer customers up to $10,000 each for damages stemming from the 2013 hack.

Hackers hit Target at the start of the 2013 holiday-shopping season. Target

Target has agreed to pay $10 million under a proposed settlement in a class-action lawsuit stemming from a massive 2013 data breach, the company confirmed to CBS News.

"We are pleased to see the process moving forward and look forward to its resolution," Target spokesperson Molly Snyder told CBS News late Wednesday.

The proposed settlement, which must be approved by a federal district court judge, creates a settlement account that could pay individual victims up to $10,000 in damages, according to court documents.

The data breach, one of the largest of its kind, occurred between November 27 and December 15, 2013, just as the busy holiday shopping season was underway. Information from as many as 40 million credit and debit cards was stolen.

Investigators believe the thieves captured the information by installing software on payment terminals customers used to swipe their payment cards at checkout. Nearly all of Target's 1,797 stores in the United States were affected.

At least 15 lawsuits were filed by the end of 2013, seeking millions of dollars in damages. The harm was so widespread that the Department of Justice began its own investigation into the breach.

A court hearing on the settlement proposal is scheduled for Thursday in St. Paul, Minnesota, where Target's headquarters is located.

The news comes as Target recently announced layoffs of 1,700 employees -- or 13 percent of the workforce -- at its Minneapolis headquarters, reports CBS Minnesota.

This story originally posted as "Target agrees to pay $10 million to data breach victims" on CBSNews.com.

Featured Video