Target Corp. said Tuesday that it has agreed to pay Visa card issuers up to $67 million in costs related to the data breach of December 2013 that compromised at least 40 million payment cards and the personal information of as many as 110 million of the retailer’s customers.
Sources familiar with the matter told the Wall Street Journal that the figure being forked over includes the maximum amount that’s laid out in Visa’s regulations and depends on how many issuers accept the agreement.
The news comes two months after a $19 million settlement with MasterCard fell through when financial institutions rejected it. According to the sources, a deal similar to the one offered to Visa is now in the works.
The cyber-attack has had massive monetary consequences for Target, which in March agreed to pay around $10 million to settle a class-action lawsuit and revealed in its fourth-quarter and fiscal-year 2014 earnings that the incident had already cost it $162 million over the span of two years.