A proposed settlement has been reached in the multi-district consumer litigation Target faces following a data breach that compromised at least 40 million credit cards during the 2013 holiday shopping season. The settlement, which requires Target to pay $10 million into a settlement fund and adopt specific data security measures, still needs court approval.

If approved, class members who used credit or debit cards at Target stores between November 27, 2013, and December 18, 2013, will be eligible to receive up to $10,000 individually upon submitting a claim form seeking reimbursement for any costs associated with identity theft, unauthorized charges, and higher interest rates that resulted from unauthorized activity on credit accounts. Those class members who submit documentation of their losses will be paid first, and those class members without documentary evidence of losses are eligible to receive an equal share of whatever is remaining in the settlement fund.

As our colleague Mark Melodia noted, the settlement is unique not only because Target agrees to adopt data security protocols, but also because of the amount of attorneys’ fees. The attorneys for the class will seek fees in an amount not to exceed $6.75 million, which is on the high end of the historical range.

In late 2014, Target sought to dismiss the claims, but the court denied that motion and allowed the case to proceed. The preliminary approval hearing on the settlement was scheduled for Thursday morning in front of Judge Magnuson.