Still recovering from its 2013 data breach, Target Corp. agreed to a $39 million settlement with a class of banks suing the well-known retailer, marking the settlement as the first class-wide data breach pact ever reached on behalf of financial institutions.

Target’s data breach exposed 40 million credit and debit cards to fraud during the 2013 holiday season. The Minneapolis-based company’s breach still ranks among the most high-profile data incidents to hit retailers in recent years.

The class-wide pact stems from a consolidated class action complaint filed in August 2014 to recover an estimated $200 million in losses stemming from the breach, including costs to reimburse fraudulent charges and issue new payment cards. The complaint alleges that Target failed to take precautions to protect consumer data and violated the Minnesota Plastic Card Security Act.

The settlement will apply to all U.S. financial institutions that issued payment cards identified as having been at risk as a result of the breach, and that did not agree to separate deals with Visa Inc. and MasterCard Inc. According to the settlement, Target will pay up to $20.25 million directly to class members and an additional $19.1 million to fund MasterCard’s Account Data Compromise – a separate recovery program related to the breach. Target will also pay the plaintiffs’ legal fees, pending final court approval in May 2016.

The settlement is the latest in a series of payouts Target has made as a result of its 2013 breach. This past August, Target settled with Visa for $67 million. In March, Target settled a federal class action lawsuit brought by customers for $10 million. Since the breach, Target has taken steps to avoid a recurrence, including being among the first U.S. retailers to install microchip-enabled card readers at all stores.

After the settlement was announced, the National Association of Federal Credit Unions, which advocated for higher payouts to payment card issuers, said it would continue to pressure Congress to create national data-security standards for retailers that are comparable to those required of financial institutions.