Target Corp. (NYSE:TGT) is entering legal damage control mode after a massive security breach potentially affected millions of customers’ personal information. On Monday, company Executive Vice President and general counsel Timothy Baer conducted a conference call with several state attorneys general.
The company isn’t saying which states participated in the call. A person with information on the matter told The Wall Street Journal the calls lasted approximately 30 minutes, and that another call is scheduled for shortly after the start of the new year. Reuters reports that so far, at least 15 lawsuits have been filed against the retailer; all are seeking class-action status. In the suits, the claimants say Target failed to ensure their personal data were secure and/or did not notify customers of the breach quickly enough.
On December 19, Target announced that between November 27 and December 15, its systems had been compromised and that approximately 40 million credit or debit cards may have been affected. At the time, Target said it was ”partnering with a leading third-party forensics firm to conduct a thorough investigation.”
Few details have emerged from Target about the lawsuits or the investigation. This is causing state attorneys general like Connecticut’s George Jepsen to take action and demand information. Jepsen sent a letter to Target outlining 10 steps he wishes to see the company take that will provide greater transparency for consumers.
“As formal notification of this breach has not yet been provided to my office, and we unfortunately learned of this incident along with the general public through media reports, critical facts about the breach remain unclear, “Jepsen wrote. “This includes details concerning the cause of the breach, what steps Target has taken to protect individuals whose information was compromised, and the nature of any procedures adopted to prevent future data breaches.”
Jepsen goes on to ask how Connecticut residents have been affected and what steps Target is taking to remedy the situation. “We are only beginning to understand the implications of this massive, nationwide data breach and the impact it will have on Connecticut consumers,” Jepsen said in a statement the same day he sent his letter.
Target did confirm in a statement on Monday that it was working with the Secret Service and U.S. Department of Justice in an investigation of the malware responsible for the point-of-sales system breach of information.
In the wake of the scandal, Target’s brand has plummeted. YouGov’s BrandIndex tracks public perception of global brands and on Monday said that Target’s “buzz” score – a feedback score that rates companies from 100 to -100 — had fallen 35 points, from 26 to -9. The decline happened after one day and is a larger drop in public perception than what Sony or Playstation witnessed after similar security infractions.