(Reuters) – Target is nearing a settlement with MasterCard to reimburse financial institutions about $20 million for costs incurred from the retailer’s massive data breach in 2013, the Wall Street Journal reported.
The deal, which comes after months of negotiations, could be announced as soon as this week, according to the Journal, citing people familiar with the terms of negotiations.
The $20 million covers costs that banks incurred to reissue credit cards and debit cards as a result of the breach, as well as some of the fraud that resulted from the exposure of customer information, the newspaper said.
In 2013, Target said at least 40 million credit cards were compromised by the breach during the holiday shopping season, and the attack might have resulted in the theft of personal information, such as email addresses and telephone numbers, from as many as 110 million people.
MasterCard (MA) will distribute the reimbursed funds to the financial institutions that issue credit cards and debit cards under its brand, including Citigroup, Capital One Financial and J.P. Morgan Chase & Co, the Journal said.
The Target settlement does not include financial institutions that issue under the Visa (V) brand. Target is negotiating separately with Visa, the report said.
“We’ve seen the same story, but we do not comment on speculation,” MasterCard said when asked about the Journal’s report.
For more about Target’s plans to compensate its customers, watch this Fortune video: