Bottom line: The proposed settlement of $117.5 million includes a minimum of $55 million for victims’ out-of-pocket expenses, $24 million to pay for two years of crediting monitoring service, as much as $30 million for legal expenses and an additional $8.5 million for unspecified expenses.

Yahoo has reached a revised settlement agreement with millions of people who had their personal information stolen in high-profile data breaches in 2013 and 2014.

The settlement must be approved by US District Judge Lucy Koh who struck down an earlier proposal in January. Koh said the first settlement was not fair, adequate and reasonable because it didn’t have an overall dollar value and didn’t indicate how much victims might expect to recover. Legal fees were also too high, the judge said.

John Yanchunis, one of the lawyers for the plaintiffs, said in a court filing that the settlement was the “biggest common fund ever obtained in a data breach case.” Verizon in a statement said it demonstrates their strong commitment to security.

Verizon, who agreed to acquire Yahoo in July 2016, separately committed more than $300 million to information security between 2019 and 2022. That’s more than five times the amount Yahoo spent in that area between 2013 and 2016, Reuters notes.