Target Corp. Finally decided to pay $10 million to settle a class-action suit because of the company’s data breach in 2013. The data breach exposed data of its members.

The proposed settlement—negotiated with attorneys representing shoppers whose personal information was compromised in the breach—was filed to the U.S. District Court in Minnesota for approval.

Target’s data breach in late 2013 compromised 40 million credit- and debit-card accounts and was one of the challenges that forced out former chief executive Gregg Steinhafel last May. In July, Target named PepsiCo. Inc. executive Brian Cornell as its new chief executive.

Under the settlement, Target would deposit the $10 million into an interest-bearing account, and the money would be used to pay the class members’ claims as well as any awards approved by the court.

Members who submit the proper documentation are eligible for reimbursement of up to $10,000. Claims will be submitted and processed primarily through a dedicated website.

Target also agreed in the settlement to implement security measures aimed at better protecting customer data. Those include designating a chief information security officer, developing metrics that will measure and maintain its information security program, and providing training to employees.

In February, Target named Mike McNamara chief information officer, replacing Bob DeRodes, who had joined the retailer in May to guide the company after the data breach.