The existing claims alleged negligence, failure to provide sufficient security and violations of Minnesota's Plastic Security Card Act.

"Plaintiffs have plausibly alleged that Target's actions and inactions – disabling certain security features and failing to heed the warning signs as the hackers' attack began – caused foreseeable harm to plaintiffs,' Magnuson wrote in his decision. "Plaintiffs have also plausibly alleged that Target's conduct both caused and exacerbated the harm they suffered."

The judge's ruling will enable the five lead plaintiffs, CSEFCU and four banks, to continue on their path of seeking class-action status on behalf of lenders nationwide, the documents said. The ruling was praised by attorneys representing the credit union and banks.

"We are pleased by the order issued by the court yesterday," said attorney Bryan Bleichner, a partner with the Minneapolis-based law firm, Chestnut Cambronne, which is part of the legal team representing the plaintiffs. "It was a very good decision for all financial institutions affected by the Target data breach and a positive step forward as we seek to recover the economic losses suffered by financial institutions as a result of the breach."

Following the Target breach in 2013, the Minneapolis-based retailer faced a storm of lawsuits. The $220 million Alabama State Employees Credit Union of Montgomery, Ala., was the first financial institution to sue the retailer. Other cooperatives, such as the $38 million First Choice Federal Credit Union of New Castle, Penn., have also joined in litigation across the country aimed at giant retailers such as Target and Home Depot.

The courts have consolidated all the federal cases into two lawsuits, one involving financial institutions and the other including consumers.