Similarly, Massachusetts Atty. Gen. Martha Coakley said her office reached out to the retailer to review the circumstances of the breach and how Target plans to address it. She said she will work with her peers nationwide "to determine whether Target had proper safeguards in place to protect consumer information."
Target said Friday that it has begun contacting customers whose email addresses it has on file and who shopped in a U.S. store with a credit or debit card during the affected time. The company expects to finish sending the emails by the end of the weekend and emphasized that the communiques are "absolutely not an indication that there has been, or will be, fraud" on customers' cards.
So far, Target said it has heard of very few reports of actual fraud. The retailer said that PINs don't appear to have been affected, which means criminals shouldn't be able to withdraw cash from an ATM with fraudulently obtained debit card data.
Also spared, according to Target: shoppers' dates of birth and Social Security numbers.
Target said it alerted Visa, MasterCard, Discover and American Express to card numbers that might have been affected. The card networks are forwarding the numbers to financial institutions to provide an extra layer of fraud monitoring, Target said.
"We want to reassure guests that they will not be held financially responsible for any credit card or debit card fraud," the company said in a statement.
Target Chief Executive Gregg Steinhafel issued a statement Friday afternoon about the fiasco in which he said that affected customers will have access to free credit monitoring services to provide them "with extra assurance."
He also promised shoppers a 10% discount in U.S. stores Saturday and Sunday.
"We recognize this has been confusing and disruptive during an already busy holiday season," he said.