A U.S. judge on Tuesday certified a class action against Target Corp brought by several banks over the retailer's massive data breach in 2013.
U.S. District Judge Paul Magnuson in St. Paul, Minnesota, said the banks could pursue their claims together over the breach, which compromised at least 40 million credit cards during the holiday season.
In a statement, Charles Zimmerman, one of the lead lawyers representing the banks, said, "This important ruling brings financial institutions one step closer to collectively holding Target accountable for its unprecedented data breach."
Target spokeswoman Molly Snyder said the company was "disappointed" and would evaluate its next steps after reviewing the decision.
The ruling, which makes a settlement with the banks more likely, comes four weeks after Target agreed to pay as much as $67 million to financial institutions that issue Visa Inc cards, in a deal struck directly with the credit card network.
Earlier this year, a proposed $19 million settlement with MasterCard Inc fell through when not enough banks accepted the agreement.
It is not clear how many Visa card issuers accepted the terms of that deal by the deadline of Sept. 4.
Snyder declined to comment on the number of institutions that have agreed to participate in the Visa deal but emphasized that the class action includes only those card issuers that have not settled their claims.
Attorney Zimmerman has said the Visa deal, like the failed MasterCard settlement, does not fully reimburse banks for their losses and was negotiated without input from the plaintiffs.
Carrie Hunt, the general counsel for the National Association of Federal Credit Unions, praised the judge's decision and said it "constitutes one important avenue for recovery" for credit unions affected by the breach.
The Target breach was one in a series of high-profile data security failures to hit major retailers, including Home Depot Inc and Staples Inc.
(Additional reporting by Nandita Bose in Chicago)