(CBS) - Target Corp. says the Department of Justice is investigating the credit and debit card security breach at the giant retailer that's being called the second largest such incident in U.S. history.
Word of the probe came as the number of consumer lawsuits against the chain over the breach grew to at least 15.
Target revealed last week that data connected to about 40 million credit and debit card accounts was stolen during the first three weeks of the holiday shopping season, between Nov. 27 and Dec. 15. The theft is exceeded only by a scam that began in 2005 involving retailer TJX Cos. It affected at least 45.7 million card users.
DOJ declined to comment on whether it's investigating the breach at Target, the nation's second largest discounter. But Target said it's cooperating with the DOJ investigation.
Target also said it's working with the U.S. Secret Service in the retailer's own investigation, and that its general counsel held a conference call Monday with state attorneys general to bring them up to date on the breach.
Attorneys general from several states, including Connecticut, Massachusetts and New York, have asked the company to provide more information about the cyber-attack.
Target didn't specify which state officials its general counsel, Timothy Baer, spoke with.
"Target remains committed to sharing information about the recent data breach with all who are impacted," said Molly Snyder, a Target spokeswoman, in a statement.
The company faces at least 15 lawsuits seeking class action status as a result of the cyber-attack. The suits were filed by people who claim their information was stolen, and they allege Target either failed to properly secure the customer data, did not promptly notify customers of the breach or both.
Snyder said it was company policy not to comment on litigation.
Target hasn't said how its systems were compromised, except to say the operation was "sophisticated." It has apologized and offered 10 percent discounts over the weekend to try to bring disgruntled customers back to stores.
With so little information disclosed so far about the attack, it is unclear whether the plaintiffs will be able to prove their allegations.
Meanwhile, two Democratic U.S. Senators, Richard Blumenthal of Connecticut and Chuck Schumer of New York, have asked the U.S. Federal Trade Commission to investigate the breach.
"If Target failed to adequately protect customer information, it denied customers the protection that they rightly expect when a business collects their personal information," Blumenthal said in a letter to FTC Chairwoman Edith Ramirez on Monday. "Its conduct would be unfair and deceptive."
An FTC spokeswoman confirmed that the letters had been received but said she could not comment on whether a probe was in the works, citing a policy not to discuss ongoing investigations.
Target's consumer perception scores have dropped to their lowest level since 2007, according to a survey of 15,000 people by YouGov BrandIndex, which tracks public perception of thousands of brands around the world and surveys 4,300 people daily.
Target's Buzz score for the week preceding the data breach announcement was 26. The Buzz score was -19 on Monday, representing a drop of 45 points. (YouGov BrandIndex's Buzz score ranges from 100 to -100 and is compiled by subtracting negative feedback from positive. The survey has an error of plus or minus 2 percent.)
"Right now, some consumers are not sure if they can trust Target with their personal information," said Ted Marzilli, chief executive of YouGov BrandIndex.
Prior to the breach, Target's consumer perception score was more than twice the average of the retail group that includes chains such as Wal-Mart Stores Inc, Gap Inc, Best Buy Co Inc and Amazon.com Inc.
Target's scores have also dropped about 10 to 15 points in the last week or so on purchase consideration.
"There are fewer consumers citing Target as a brand that they would consider purchasing from. That is a bad sign for Target," said Marzilli.
Citibank took four weeks and Sony took eight weeks to recover from the hit to consumer perception after incidents of data breaches. Marzilli said he expects Target to take 12 weeks or longer to recover, unless more problems emerge.
Customer Growth Partners LLC, a retail consultancy, estimates that the number of transactions at Target fell 3 percent to 4 percent on Saturday, which is usually one of the top busiest days of the season.
"Before this incident, Target had a chance of at least a decent Christmas. Now, it will be mediocre at best," said Craig Johnson, president of Customer Growth Partners, a retail consultancy.
Eric Hausman, a Target spokesman, declined to comment specifically on sales or the impact of its weekend 10 percent discount offer, but said stores "were busy."
Target, which is based in Minneapolis and has nearly 1,800 stores in the U.S. and 124 in Canada, said on Friday that it's heard of "very few" reports of fraud so far. But experts say the investigation is still in its early stages.