BOSTON/NEW YORK - Target Corp's general counsel, Timothy Baer, spoke with top state prosecutors on Monday to address their concerns about a massive data breach, as consumer lawsuits piled up against the retailer and two US senators called for a federal probe.
Attorneys general from several states including Connecticut, Massachusetts and New York have asked the company to provide more information about the cyber attack, in which hackers stole data from as many as 40 million credit and debit cards of shoppers who visited Target stores during the first three weeks of the holiday shopping season.
Target did not specify which state officials Baer spoke with to "bring them up to date" on the data breach, the second-largest in US retail history. The No. 3 US retailer said the call took place earlier on Monday but gave few details on the discussion.
The company faces at least 15 lawsuits seeking class action status as a result of the cyber attack. The suits were filed by people who claim their information was stolen and they allege that Target either failed to properly secure the customer data, did not promptly notify customers of the breach or both.
Target spokeswoman Molly Snyder said it was company policy not to comment on litigation.
The Secret Service is leading the government's investigation into the matter. Target has not said how its systems were compromised, except to say the operation was "sophisticated." It has apologised and offered 10 per cent discounts over the weekend to bring disgruntled customers back to stores.
With so little information disclosed so far about the attack, it is unclear whether the plaintiffs will be able to prove their allegations.
Meanwhile, two Democratic US Senators, Richard Blumenthal of Connecticut and Chuck Schumer of New York, have asked the US Federal Trade Commission to investigate the breach.
"If Target failed to adequately protect customer information, it denied customers the protection that they rightly expect when a business collects their personal information," Blumenthal said in a letter to FTC Chairwoman Edith Ramirez on Monday. "Its conduct would be unfair and deceptive."
An FTC spokeswoman confirmed that the letters had been received but said she could not comment on whether a probe was in the works, citing a policy not to discuss ongoing investigations.
Shares of Target shares have fallen about 2.8 per cent since the company disclosed the breach early on Thursday, erasing about $1 billion in market value. The S&P 500 Index has been little changed over the same period.
Target's consumer perception scores have dropped to their lowest level since 2007, according to a survey of 15,000 people by YouGov BrandIndex, which tracks public perception of thousands of brands around the world.
Target's Buzz score for the week preceding the data breach announcement was 26. The Buzz score was -19 on Monday, representing a drop of 45 points. (YouGov BrandIndex's Buzz score ranges from 100 to -100 and is compiled by subtracting negative feedback from positive. The survey has an error of plus or minus 2 per cent.)
"Right now, some consumers are not sure if they can trust Target with their personal information," said Ted Marzilli, chief executive of YouGov BrandIndex.
Prior to the breach, Target's consumer perception score was more than twice the average of the retail group that includes chains such as Wal-Mart Stores Inc, Gap Inc, Best Buy Co Inc and Amazon.com Inc.
Target's scores have also dropped about 10 to 15 points in the last week or so on purchase consideration.
"There are fewer consumers citing Target as a brand that they would consider purchasing from. That is a bad sign for Target," said Marzilli.
Citibank took four weeks and Sony took eight weeks to recover from the hit to consumer perception after incidents of data breaches. Marzilli said he expects Target to take 12 weeks or longer to recover, unless more problems emerge.