Neiman Marcus has agreed to pay $1.5 million to 43 states and the District of Columbia, as well as set up new security procedures, to end an investigation into the 2013 breach of customer payment card data at 77 U.S. stores, attorneys general across the country announced Tuesday.

Texas-based Neiman Marcus disclosed the data breach in January 2014, saying payment card information at certain stores had been compromised by an unknown third party. The states’ investigation determined that approximately 370,000 payment cards were involved, and at least 9,200 of the total payment cards compromised in the breach were used fraudulently, according to the attorneys general.