Target says it has reached out to state attorneys generals and is actively partnering with the U.S. Secret Service and Department of Justice to identify the malware that allowed illegal access to some 40 million customer accounts last week at the peak of the holiday shopping season.
The breach impacted Target's point-of-sales system at its 1,797 U.S. stores. Target (TGT) said shoppers making online purchases weren't impacted.
Customers who shopped between Nov. 27 and Dec. 15 may have been impacted, and Target is reaching out to 17 million shoppers via email to alert them that unless they have seen fraudulent activity on their account there is no urgent need to call.
That isn't stopping angry customers from lashing out by filing class action suits against the store in California and Oregon for failing to protect their data with "reasonable security procedures," according to reports.
JPMorgan Chase (JPM) has limited spending amounts on credit and debit cards in the wake of the breach.
The Wall Street Journal also reported that Target stores saw reduced customer traffic over this past weekend, with the number of transactions slipping from 3 percent to 4 percent. Target has offered 10 percent discounts in an attempt to lure shoppers, as well as free credit monitoring for those impacted.
IDT911 co-founder Adam Levin says it's unclear if the class action suits filed will get anywhere, but it doesn't look good for Target to have been breached in the first place.
"If the customer information wasn't properly protected, that will come out in the investigation," Levin says. "It's all about how well Target prepared for the event and improper access in the case of a breach."
Also angry are consumers like those at Chase who have seen their withdrawals and expenditures limited during the last- minute holiday rush.
"There is a great deal of anger, and it is increasing," Levin says. "For consumers [who may be impacted] this is one where you have to check your accounts every day. Fraud alerts won't help."