NEW YORK — Target has proposed to pay $10 million to settle a class-action lawsuit brought against the retailer following a massive data breach in 2013.

Individuals affected by the breach could get up to a maximum of $10,000, the proposal says.

Target’s data breach in 2013 exposed details of as many as 40 million credit and debit card accounts and hurt its holiday sales that year. The company offered free credit monitoring for affected customers and overhauled its security systems.

The proposed settlement would also require Minneapolis-based Target Corp. to appoint a chief information security officer, keep a written information security program and offer security training to its workers. It would be required to maintain a process to monitor for data security events and respond to such events deemed to present a threat.

“We are pleased to see the process moving forward and look forward to its resolution,” Target spokeswoman Molly Snyder said in an emailed statement.

The company said in court documents filed in Minnesota that the funds for reimbursements will be kept in an interest bearing escrow account. Claims will mostly be submitted and processed online through a dedicated website.

The chain has worked hard to lure back customers that were hesitant to shop there after the incident.