A federal judge in St. Paul refused Tuesday to throw out claims against Target Corp. made by several banks that say they lost money because of the company's data breach last year.
U.S. District Judge Paul Magnuson dismissed one of four claims argued in the lawsuit, which claimed "negligent misrepresentation by omission" related to Target's security system. But Magnuson, in his court order released Tuesday, wrote that the plaintiffs presented a plausible case for the first three counts against Target: negligence, failure in providing sufficient security against data hackers and violation of Minnesota's Plastic Security Card Act.
Tuesday's memo is not a final ruling, but allows the lenders' lawsuit to move forward.
The case involves all Target purchases made in 2013 between Nov. 1 and Dec. 19 using credit and debit cards. The banks allege that the data breach, which affected at least 40 million customers, required them to reimburse victims, reissue cards and monitor accounts for fraud.
The plaintiff is a group of five lenders acting on behalf of any financial institution affected by the breach. They claim to have lost tens of millions of dollars combined.
A landslide of lawsuits was filed against Minneapolis-based Target after the breach. The courts ultimately decided to consolidate all the federal cases into two lawsuits — one brought by consumers and one brought by financial institutions.
Target's lawyer argued that the company had no obligation to the banks because a third-party firm handles all credit and debit card payments.
The company declined to comment on Tuesday's court order saying it does not typically comment on pending litigation.
Bloomberg News contributed to this report.