Target will pay Visa card issuers up to $67 million in a settlement over a massive 2013 data breach, the retailer confirmed Tuesday. The agreement follows the rejection of a proposed $19 million deal with MasterCard, which needed approval from 90 percent of financial institutions representing affected cardholder accounts.The VISA deal does not require approval from card issuers. Visa told CUNA that credit unions would be contacted if they are eligible for reimbursement.

The agreement is meant to cover expenses that financial institutions incurred in the data breach, including the cost of reissuing cards and any fraud that resulted from the incident. Published reports show that the amount being paid by Target includes the maximum amount that is laid out in Visa’s regulations.

The settlement brings another step of closure to one of the largest data breaches in recent years, which exposed about 40 million credit and debit cards. The settlement costs were already reflected in Target’s 2013 and 2014 results. Read more analysis in the Wall Street Journal.