The U.S. Department of Justice (DOJ) has launched a probe on Target's credit and debit card data breach that has affected 40 million accounts.
The nation's second-largest retail discounter Target said last week that 40 million credit and debit card numbers, expiration dates and security codes were stolen between Nov. 27 and Dec. 15. The breach is being billed as the second largest in the U.S. history, overshadowed only by by a 2005 scam involving retailer TJX Cos, which affected at least 45.7 million card users.
The DOJ did not release any statement on the matter, but in a statement Target said, "We can confirm that we are actively partnering with the United States Secret Service and the Department of Justice on the ongoing investigation into the malware that affected Target's point-of-sale system in our U.S. stores."
"We want to be clear that neither entity is investigating Target. Rather, we are partnering with both on the ongoing forensic and criminal investigation," the company said.
Target's Executive Vice President and General Counsel Tim Baer also hosted a conference call to discuss the data breach with the attorneys general across the country.
"We felt it was important to proactively bring this group together to provide them with information about the issue and answer their questions as well as those of their constituents, who are our guests. We are committed to keeping the attorneys general informed as the ongoing investigation moves forward and will host a follow up call with them the week of January 6," Target said.
"We continue to work around the clock, including Christmas, to address the questions and concerns of our guests. We will continue to provide updates as they become available," the company added.
"Target remains committed to sharing information about the recent data breach with all who are impacted," said Molly Snyder, a Target spokeswoman. Not much information was available from the company regarding how actually the hack took place. Snyder said investigators were looking at "malware that affected Target's point-of-sale system in our U.S. stores".
According to security experts, Target stands to lose millions of dollars from the incident. By Monday evening, more than a dozen Target customers in California, Oregon and Washington to Louisiana, Massachusetts and Rhode Island, had filed lawsuits in federal courts, accusing the company of negligence that it showed in protecting sensitive customer data. Legal experts said the judges would determine whether claim and damage exist and whether the affected customers can constitute a "class" so that all the lawsuits can be consolidated into one lawsuit against the retailer.
Odds are that Target might also be sued by banks such as Chase and Citibank, that might ask Target to help pay for the cost of cleaning up the mess.
"Given the magnitude of the breach and what we've seen in the past, banks are likely to bring action," said information security expert Randy Sabett, an attorney at boutique law firm ZwillGen.
Shares of Target closed down 0.27 percent at $61.71 on the NYSE on Tuesday.