The massive security breach that wreaked havoc on Target’s credit and debit card system in 2013 is still providing a relevant lesson for business owners today, now that a judge recently approved a $10 million settlement to be paid out to the customers who were affected by the data breach.

Quite simply, it’s much cheaper to pay for preventative security systems than to pay reactive damages for a security breach.

Judge Paul A. Magnuson, a U.S. district judge in St. Paul, Minnesota, approved a preliminary settlement on March 19th wherein customers affected by the data breach can file claims against Target, possibly receiving as much as $10,000 in damages. Additionally, Target will reportedly have to hire a chief information security officer and create a detailed plan to manage the security of consumer data in the future.

Magnuson set a final court date for November 10th, according to The New York Times, in order to give customers affected by the breach enough time to file objections to the settlement.

Although consumers may be eligible to receive $10,000 under the current settlement terms,
it appears that they’ll face some frustrating hurdles along the way. The Times explains that in order to be eligible for the full amount, consumers must prove that their credit cards, debit cards, or personal information was stolen from Target’s system during the security breach — a task which isn’t always easy to do without professional help.

Consumers must also prove that their credit cards were used to make unauthorized purchases, and that substantial personal time and money was invested into fixing the unauthorized purchases. Details including higher interest rates on credit card bills and fees incurred by personal identity protection lawyers, among various other factors, will also determine how much money is awarded to each victim.

As The Dickinson Press notes, approximately 40 million credit card numbers were stolen (although not all 40 million were used to make unauthorized purchases), but Target executives displayed severe misjudgment on the matter of customer security: after news broke at the end of 2013 that card numbers had been compromised, Target admitted that a previous data breach had occurred earlier in the year, wherein the personal information of millions of additional customers (anywhere between 70 million and 100 million) was also stolen.

According to Target execs, the company has spent about $252 million fixing the situation, including $90 million covered by insurance. Additional losses that were not factored into the overall cost include damage to the company’s reputation and a substantial drop in sales.

“Security breaches are certainly not something that only impact large companies,” says Todd Minchow, VP of Technology at Kidwell. “At Kidwell, we have been asked to assist clients of all sizes with a variety of security issues. These issues have included everything from viruses and root kits to unauthorized access of systems and facilities as well as destruction of data and corporate assets.”