Target is proposing to give the victims of the 2013 hacking attack approximately $10,000 (£6,770) each in damages, the media have reported (opens in new tab)on Thursday.
That proposal is part of a $10 million (£6.7 million) offer Target made to settle a class action lawsuit.
The settlement, which was detailed in court papers filed Wednesday, must still be approved by a federal judge.
But that’s not all the company must do. Target must also improve its security measures, designate a chief information security officer and train its employees.
"We are pleased to see the process moving forward and look forward to its resolution," Target spokeswoman Molly Snyder said in an emailed statement.
The attack on Target was one of the largest in US corporate history, and happened at the height of the 2013 holiday shopping season.
Back then, some 70 million customer’s information had been breached, including names, addresses, phone numbers and emails.
After the breach has been identified, Target offered one year of free credit monitoring and identity theft protection to all customers who shopped in U.S. stores, and overhauled its security systems.
In a bid to try and regain the lost trust, the company made a series of moves, including free shipping on all items during the 2014 holiday season, lowered minimum online purchase to qualify for free shipping to $25 (£17), and said it will now allow returns for up to a year for its private and exclusive brands.
The retailer's stock traded above $80 for the first time on Monday, reaching another in a string of all-time highs,