Facebook Inc. pledged to improve security protocols to resolve a lawsuit blaming the company for a 2018 data breach that exposed personal data of 29 million users.

The company will check more frequently for suspicious patterns of user activity involving access tokens, the key cards that allow users to access their accounts, among other measures outlined in a proposal to settle a class-action suit filed late Friday in San Francisco federal court.

The social network giant was accused in the case of negligently allowing hackers to exploit software bugs to obtain login access to accounts in what was tagged at the time as Facebook’s worst security breach. Facebook denied wrongdoing, maintaining that the attack resulted from “unknown and unforeseeable vulnerabilities” and the company responded quickly.

The accord requires approval from U.S. District Judge William Alsup, who previously said that “Facebook’s repetitive losses of users’ privacy supplies a long-term need for supervision.” Alsup ruled in November that the users can’t seek monetary damages because the lead plaintiff didn’t show that he had incurred any out-of-pocket expenses.