US retailer, Target, has agreed to pay back banks up to $19m to help them recover losses suffered in a data breach in 2013, when up to 40 accounts were compromised.
As well as losses from fraudulent charges on cards, banks and card issuers also incurred costs by reissuing credit and debit cards after the breach.
Scott Kennedy, president of financial and retail services at Target said the company hopes to receive a higher level of issuer acceptance going forward.
He said: "Target intends to continue to defend itself vigorously against any assessments made by MasterCard on behalf of MasterCard issuers that do not accept their offers."
Last month the company agreed to appoint a chief information security officer, to oversee employee training on securing customers' personally identifiable information. In the same month, Target also agreed to a $10m compensation package for victims of the 2013 data breach.
Lawyers for customers who have filed a class action have asked the judge in the case to approve the offer from Target, which could see individuals receiving up to $10,000 each in damages.
The class action claimed compensation for unauthorised payment card charges, card replacement fees, credit card monitoring costs, and lost access to accounts.
Between 27th November and 15th December 2013, up to 40 million payment card account details were exposed in the breach, believed to have affected up to 70 million customers.
Attackers were also believed to have stolen records that included names, addresses, emails and phone numbers as well as payment card details.
Up to three million sets of payment card details are believed to have been sold on the black market and used for fraud, before the issuing banks cancelled the rest.
Return to internet news headlines
View Internet News Archive