The Pioneer Press reports that two separate lawsuits against Target were filed Friday in U.S. District Court in Minnesota. Three Target customers accused the company of negligence, and said they were suing on behalf of all other people who might be affected.
The filings came two days after the company said there had been a major theft of customers' credit and debit card data.
In their suit, Theresa Burkstrand of New Hope and Bryan Barth of Minneapolis criticize Target for lax security.
"As a consequence of Target's conduct, Plaintiffs and the classes are exposed to fraudulent charges, identity theft, and damage to their credit scores," wrote their attorney, E. Michelle Drake.
Plaintiff Sarah Horton sued because Target failed to notify customers when it first learned of the security breach.
"Defendants indicated that it began investigating the incident 'as soon as (they) learned of it' but it did not contemporaneously disclose the breach to Plaintiff and putative class members," wrote her attorney, Gregory McEwen.
USA Today reports three other suits have been filed in California and Oregon.
Mallory Duncan, general counsel at the National Retail Federation, said that in the U.S., information on the magnetic strip is easily replicated. Most other countries use cards with digital chips that create a unique code, not easily copied, every time the card is used.
"We are using 20th century cards against 21st century hackers," she said.
A Target media representative said Sunday that the company typically does not comment on pending litigation.
MPR News reported that Target acknowledged Thursday that thieves accessed its computers and stole credit and debit card information of about 40 million customers between Nov. 27 and Dec. 15.
The hackers got customer names, card numbers and expiration dates, as well as the three-digit card security code printed on the back of cards.
Target spokesperson Molly Snyder said the company told law enforcement about the theft right away. But she would not explain delay between the company's discovery and its public announcement.
Brian Krebs, the blogger who broke the story Wednesday, is a former Washington Post reporter whose beat is internet security. He learned of the breach because of an online "card shop" selling stolen credit and debit cards. Data stolen from the magnetic stripe of the cards are re-encoded onto new, counterfeit cards and use to go shopping in bricks-and-mortar stores for items than can easily be fenced or resold.
In a story Sunday, Krebs wrote that foreign-bank issued cards used at Target during the breach are selling for much more than those issued by U.S. banks.
Federal authorities are investigating the theft, which potentially affects customers at Target's 1,800 stores nationwide.
BringMeTheNews reported Target customers swarmed stores over the weekend, drawn by a ten percent discount and CEO Gregg Steinhafel's assurance that customers would not be responsible for fraudulent charges. The retailer is also offering free credit monitoring services to affected customers.