Target agreed to pay $10 million to settle a class action over a 2013 holiday season data breach that consumers claimed compromised as many as 100 million credit and debit accounts.

Under the terms of the proposal, which still requires the approval of a federal judge in Minneapolis, Target will despot the money in an interest bearing escrow account, and ultimately pay individual victims up to $10,000 in damages, said a report  by Courthouse News Service.

Investigators believe the security breach was carried out by thieves who installed software on Target's payment terminals to capture credit information. The breach affected over 1,700 of Target's 1,900 stores, said Courthouse News Service. 

If the settlement is approved by U.S. District Judge Paul Magnuson, who held a hearing on the proposal Thursday afternoon, claims will be submitted and processed primarily through a dedicated website.

"The settlement proposal also requires Target to adopt and implement data security measures , including appointing a chief information security officer, maintaining a written information security program, and implementing a process to monitor for so-called "information security events" and to respond to such events determined to present a threat," said Courthouse News Sevice.

In a written statement, Target spokeswoman Molly Snyder said the company is "pleased to see the process moving forward and looks forward to its resolution."