US District Judge Paul Magnuson said at a hearing today in St Paul, Minnesota, that he would grant preliminary approval of the settlement in a written order later in the day. The move will allow people to begin filing claims ahead of another hearing for final approval.
People affected by the breach can file for up to USD 10,000 with proof of their losses, including lost time dealing with the problem.
"Target really needs to be commended for being willing to step up," Magnuson said.
The settlement would also require Minneapolis-based Target Corp to appoint a chief information security officer, keep a written information security program and offer security training to its workers. It would be required to maintain a process to monitor for data security events and respond to such events deemed to present a threat.
"We are pleased to see the process moving forward and look forward to its resolution," Target spokeswoman Molly Snyder said in an emailed statement.
Vincent Esades, an attorney for Target customers, said after the hearing that the settlement could end up costing Target USD 25 million, when attorneys fees and administrative costs are added in.
He said consumers will likely be able to start filing claims around April 30, and 100 million people may be eligible. Consumers can claim up to USD 10,000 if they can document losses; after those claims are paid out, the rest of the settlement funds will be divided among consumers who claim they suffered a loss, but don't have documentation.