GO
Loading...

Target CEO defends 4-day wait to disclose massive data hack

Sunday, 12 Jan 2014 | 6:30 PM ET
Target CEO: We are accountable for breach
Sunday, 12 Jan 2014 | 6:00 AM ET
CNBC's Becky Quick talks to Target CEO Gregg W. Steinhafel about the data breach that now affects some 100 million Target customers.

Since Target's original announcement that up to 40 million customer credit and debit card accounts had been hacked, critics have questioned why it took the retailer four days to come clean on the data breach.

Now, for the first time since the security breach was announced on Dec. 19, Target Chairman and CEO Gregg Steinhafel is speaking out. While four days may seem like a long time for consumers to learn their sensitive account information was at risk, Steinhafel argued that it was lightning speed from Target's perspective.

He laid out what happened from the moment he knew there was a problem.

(Read more: 'I'm still shaken' by Target data breach, says CEO)

"Sunday (Dec. 15) was really day one. That was the day we confirmed we had an issue and so our number one priority was ... making our environment safe and secure. By six o'clock at night, our environment was safe and secure. We eliminated the malware in the access point, we were very confident that coming into Monday guests could come to Target and shop with confidence and no risk," Steinhafel said.

"Day two was really about initiating the investigation work and the forensic work ... that has been ongoing. Day three was about preparation. We wanted to make sure our stores and our call centers could be as prepared as possible, and day four was about notification," he added. (The full interview will air on CNBC's Squawk Box Monday.)

A customer prepares to sign a credit card slip at a Miami Target store on Dec. 19, 2013.
Getty Images
A customer prepares to sign a credit card slip at a Miami Target store on Dec. 19, 2013.

Still, the retail head was apologetic and contrite, and sought to reassure consumers that Target's stores are safe to shop.

"We are in the middle of a criminal investigation as you can appreciate and we can only share so much. ... We are not going to rest until we understand what happened and how that happened," he said. "Clearly we are accountable and we are responsible—but we are going to come out at the end of this a better company and we are going to make significant changes."

While Steinfhafel said the full extent of what transpired is not yet known, what Target does know is that malware was installed on the company's point of sale registers. Target is working with law enforcement to try and determine who did it, and when and it was done.

(Read more: Neiman Marcus: Hackers may have stolen payment card data)

The biggest challenge facing the retailer now is trying to convince Americans that it's safe to shop at Target. That's a tall order, when so much of what happened hasn't been disclosed because of ongoing criminal investigations.

While consumers may be concerned that more bad news may be coming, given Target's disclosure on Friday that up to 70 million customers' personal data, including mailing addresses, email addresses, and phone numbers also were compromised, Steinhafel said he is very confident that the Target environment is secure.

"We have no evidence that there is any other guest information that was removed from our environment," he said.

Steinhafel said that, as of Friday, shopping trends were almost back to normal.

By CNBC anchor Becky Quick. Follow her on Twitter @beckyquick. CNBC's Lacy O'Toole contributed to this article.

Introducing Morning Squawk: CNBC's before the bell news roundup

Sign up to receive Morning Squawk in your inbox each weekday › Sample

  Price   Change %Change
TGT
---

Featured

Contact Retail

  • CNBC NEWSLETTERS

    Get the best of CNBC in your inbox

    › Learn More

Consumer