Target will establish a $10 million fund for reimbursement of data breach victims up to $10,000.

The breach, in which customer data was stolen by hackers, affected some 40 million shoppers in 2013 and has already cost Target upward of $100 million in security upgrades and legal fees. 

The settlement is noteworthy for the fact that Target is admitting fault. 

“Target is admitting that data breaches cause real consumer harms,” says Ed Mierzwinski with U.S. Public Interest Research Group in Washington D.C 

The case could also set a precedent for future data security cases.

“Settlements are negotiations and any time another settlement happens it helps set what is the going price,” says Bill McGeveran of the University of Minnesota School of Law.

A class-action suit is currently underway in Atlanta against Home Depot for its 2014 data breach.