Target Corp. must defend itself against claims that its failure to shield computer systems allowed hackers to steal the account data of millions of shoppers, forcing banks to reimburse fraudulent charges and issue new credit and debit cards.
At least 40 million credit cards were compromised and personal information of as many as 110 million people may have been stolen.
Five banks banded together to sue on behalf of every U.S. financial institution whose customers made Target purchases from Nov. 1 to Dec. 19, 2013, claiming they collectively sustained tens of millions of dollars damages.
The company last month asked U.S. Judge Paul Magnuson in St. Paul, Minn., to reject those claims. Magnuson refused.
“Although third-party hackers’ activity caused harm, Target played a key role in allowing the harm to occur” by disabling some security features and failing to heed warning signs when the cyber-attack began, the judge said in his written ruling issued Wednesday.
