The company may need to do a lot more in coming days. "With these data security breaches, there's usually the question of consumer confidence and trust," says Daren M. Orzechowski, a New York-based intellectual property attorney with White & Case LLP. "They have to balance if they feel they need to do more to try to preserve consumer confidence."
More from USA Today:
Monday marks key health care deadline
The inside scoop from 7 Santa standouts
Target offers 10% off as credit fraud apology
The speed of class-action suits and state officials getting involved "is not surprising," says Orzechowski, who deals in data privacy issues. Many states have strong breach notification laws that requite the attorney general be notified, he said.
Both the state and civilian queries will be interested in "when did Target know there was an issue and how long did they wait, in terms of responding, because there's a lot of obligations on promptly notifying people and there is going to be a lot of focus on that in the days to come."
As of yet, there's no idea of how much consumers were harmed, says Columbia Law School professor John Coffee. "We do not yet know if Target was negligent or whether these were very skillful hackers who could have penetrated any system--but those critical factual issues seldom slow the race to the courthouse," he said.
(Read more: Target gives 10% discount to shoppers after data breach)