US retailer Target, which suffered a massive data breach in late 2013, failed in its attempt to block banks seeking compensation from the firm for their losses due to the hacking.
A federal judge in St Paul, Minnesota, dismissed Target's attempt to dismiss a lawsuit, which demands the company reimburse the banks for their spending in connection with the data breach.
Judge Paul Magnuson said Target played a "key role" in allowing hackers to infiltrate its computer systems, justifying the plaintiffs' view that the company was negligent to possible cyber attacks and violated Minnesota consumer protection laws.
Target was sued by five banks, who seek class action status for the lawsuit and millions of dollars in damages.
Target's lawyer claimed that a third-party firm handles all credit and debit card payments and therefore the company had no obligation to the banks.
"Plaintiffs have plausibly alleged that Target's actions and inactions - disabling certain security features and failing to heed the warning signs as the hackers' attack began - caused foreseeable harm to plaintiffs," Magnuson wrote in his order.
"Plaintiffs have also plausibly alleged that Target's conduct both caused and exacerbated the harm they suffered."
The case involves all purchases from Target made in 2013 between 1 November and 19 December using credit and debit cards.
Target discovered a major security breach in December 2013. Payment data from about 40 million credit and debit cards were stolen from Christmas shoppers at its stores over 19 days between 27 November and 15 December.
It has since been revealed that a further 70 million customer records with sensitive information such as names, telephone numbers and email addresses were also stolen.
The retailer is facing a number of lawsuits over the data breach, and its senior management were called before Congress to explain about the data breach and preventive measures undertaken to ensure customer security.
Target acknowledged the data breach affected its sales negatively, and it spent millions of dollars in response to the hack. In addition, its credit rating was downgraded.