Attorney generals have also been asked to investigate the incident

Dec 23, 2013 12:35 GMT  ·  By

Several class actions have been filed against retailer Target following the data breach in which around 40 million credit cards have been compromised between November 27 and December 15, 2013.

According to media reports, lawsuits have been filed by a law firm in Montgomery, Alabama; a woman in Portland, Oregon; and the owner of a restaurant in Batavia, Illinois. Two class actions have been initiated in California as well.

Some of the plaintiffs claim Target has failed to abide by best practices and industry standards. The owners of the Batavia restaurant say fraudsters made purchases on Amazon.com with the information from a corporate credit card compromised in the breach.

The woman from Portland wants over $5 million (€3.66 million) in damages, arguing that the company “failed to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach.”

In addition to the lawsuits, the Attorney General’s Office in at least four states has been asked to look into the breach.

Target has offered a 10% discount to customers following the cyberattack and promised free credit protection services. However, the company’s problems are far from over.

Experts found that at least 330,000 of the compromised payment cards have been issued by non-US banks. The stolen information is currently being sold on the underground market.

Furthermore, Reuters has reported that at least 2 million of the impacted individuals might be limited to $100 (€73) per day cash withdrawals, and $300 (€220) per day credit card purchases as a result of the incident.

Since it’s an ongoing investigation, Target is not saying anything about how its systems have been breached. However, experts have a few interesting theories.