Target, in a brief statement Monday, said it was cooperating with the investigation and said the company's top lawyer was working with several state attorneys general and conducting an internal investigation in concert with the U.S. Secret Service.
The breach, uncovered Thursday, is being called the second-largest scam of its kind in history. The biggest, beginning in 2005, hit 45.7 million TJK Cos. customers.
Target's hackers were able to get malicious software onto the company's point-of-sale card-swiping system, stealing data from the magnetic strip on customer's credit cards used at stores between November 27 and December 15. The company said it did not believe personal PIN numbers, nor data such as Social Security Numbers had been accessed.
Brian Krebs, who first broke news of the breach, said the stolen card information has been flooding the black market, commanding high prices because the data includes information such as ZIP codes, which makes it easier for thieves to use the stolen cards nearest to the owner -- and harder to prove fraud.
Still, Target has insisted customers will not be "held financially responsible for any credit card or debit card fraud."
Duggar sisters unveil Christian dating rules in new book
Beautician charged with giving client fatal silicone butt injection