(NEW YORK) — Target said Monday it is closing in on the way in which nearly 40 million credit and debit card accounts were compromised.
Whoever is responsible for the data breach that began over Thanksgiving weekend, the company said, was able to install malware onto the machines where customers swipe their credit and debit cards.
There have been few reports of actual fraud, but unauthorized accounts have been showing up on the black market.
Angry customers have filed lawsuits that accuse Target of negligence and failure to protect customer information. Two class action lawsuits have been filed in California and another one was filed in Oregon. State officials in Connecticut, Massachusetts, New York and South Dakota are also launching inquiries into a possible multiple-state investigation.
Over the weekend, Target offered a 10 percent discount at all of its stores in the U.S. The company is also providing at-risk customers free credit monitoring in the wake of this incident.
Meanwhile, on Saturday, JPMorgan Chase and Co. said it is notifying customers who used Chase debit cards at Target in the security breach time period that they are limited to $100 a day of cash withdrawals and $300 a day of purchases with their cards, affecting about two million accounts, or 10 percent of Chase debit cards.
Copyright 2013 ABC News Radio
John Newsome and Anne Woolsey, CNN