US retail firm Target has offered to pay USD 10 million to the victims of a major 2013 data breach in order to settle a class-action legal case, as per the court documents that were filed in the US District Court in Minnesota on Wednesday.

If the settlement deal is approved by the judge, it would allow individual shoppers to get around USD 10,000 in damages if they succeed in proving that they endured losses cropping from the data breach of Target.

The credit card data of nearly 40 million shoppers were stolen during the security breach, while nearly 70 million got stealing of their personal data including addresses and phone numbers.

Target spokeswoman Molly Snyder in an e-mail said, “We are pleased to see the process moving forward and look forward to its resolution.”

Under the settlement, the company will be creating a new position of a chief information security officer who will look after the protection of the customer data.

In the court documents, Target promised implementation of a program for training its employees on security practices and will also review its safeguards on regular interval to make sure they are sufficient to provide protection of consumers.

The data breach took place in 2013 when the holiday shopping season was at full swing. It deeply affected Target’s sales during the most important season of the retail industry.  Experts call it one of the largest data breaches in the history.