(CBS News) -- Less than a week after it revealed that 40 million credit and debit card accounts of its shoppers may have been impacted by a massive security breach, outraged customers in numerous states have taken to the courts.
Published reports indicate two suits have been filed in California and two in Minnesota. CBS News has confirmed that a suit has been filed in Oregon. At least some were seeking class-action status, and at least one was seeking millions in damages.
USA Today says the attorneys general of at least four states—Connecticut, Massachusetts, New York and South Dakota – have asked Target for information about the lapse. That’s the first step to a possible multi-state investigation, the newspaper says.
Over the weekend, Target offered 10 percent discounts to all customers and free credit monitoring services to customers whose bank cards may have been compromised.
But it may be too little too late.
A post on the security blog that first reported the breach claims many of those stolen cards “have been flooding underground black markets in recent weeks, selling in batches of one million cards and going for anywhere from $20 to more than $100 per card.”
In addition, a retail consultant cited by The Wall Street Journal estimates Target stores suffered up to a 4 percent drop in transactions over the weekend compared to this time last year, while transactions at other retailers were strong.
Despite Target’s efforts to strengthen customer confidence, holiday shoppers we spoke to said they weren’t taking any chances.
One told CBS News, “I actually used cash today specifically because I heard about this and I didn’t want to risk using my card.”
Banks are also being cautious. JP Morgan Chase announced new spending limits on its customers who may have been affected by the breach, including maximum cash withdrawals of $100 a day and purchases of no more than $300 dollars a day.
It’s the most significant effort by a major bank so far to address a crime that experts say is becoming more and more difficult to defend against.
“The challenge we face, as highlighted by the Target breach,” says Jason Oxman of the Electronic Transactions Association,”is that these cyber security criminals are getting more sophisticated. And it really does call for more sophisticated solutions to prevent these kinds of breaches from happening in the future.”