Target offered a 10 percent discount to placate angry customers Saturday and Sunday, hoping to salvage the busy weekend.
The security-focused website Krebs on Security reported that stolen Target-related credit and debit card information was being sold online by an underground service.
"There is a constant market for this information," said Brian Krebs, editor of the website, which has been breaking news on the story. The information is "hard-coded" into new credit or debit cards and then used for retail purchases, Krebs explained.
Target's data breach came during a holiday season when foot traffic in brick-and-mortar retail stores fell 21 percent, according to ShopperTrak in Chicago.
Bill Martin, founder of ShopperTrak, said Monday that Target's data breach came at a most unfortunate time - including the week before Christmas. That period usually contains four of the top-five retail sales days of the year.
ShopperTrak data showed that people are visiting fewer stores per shopping trip than they were several years ago. Martin estimates 2.4 percent holiday sales growth between Nov. 1 and Dec. 31, down from 3 percent in 2012.
Even with more markdowns Saturday, ShopperTrak estimates that retail sales on "Super Saturday" over the weekend declined 0.7 percent when compared to the year-ago Saturday before Christmas.
"Bad weather throughout the country kept some shoppers away from stores," Martin said. "This past week was their final opportunity to complete their holiday shopping, and though many people did finish making their purchases, retailers did not see as many shoppers as last year."
Target confirmed that data connected to 40 million credit- and debit-card accounts was stolen between Nov. 27 and Dec. 15, the second-largest such theft in U.S. history. Retailer TJX Cos., which operates T.J. Maxx and Marshalls stores, disclosed in 2007 that at least 45.7 million credit- and debit-card accounts were exposed to potential fraud.
Target operates 1,780 stores in the United States, with about 30 in the Philadelphia area. Based on the number of regional stores, an estimated 500,000 to 700,000 credit or debit-card accounts could have been stolen in the Target data heist in the Philadelphia area.
Target's shares on Monday sank almost 1 percent, or 61 cents, to $61.88, and the company is facing inquiries from several state attorneys general over its handling of the data breach and how quickly it informed customers.
Target did not respond to calls for comment. The company said late last week it had received "very few" reports of fraud related to the breach.