Target CEO defends 4-day wait to disclose massive data hack

Target CEO: We are accountable for breach
Target CEO: We are accountable for breach

Since Target's original announcement that up to 40 million customer credit and debit card accounts had been hacked, critics have questioned why it took the retailer four days to come clean on the data breach.

Now, for the first time since the security breach was announced on Dec. 19, Target Chairman and CEO Gregg Steinhafel is speaking out. While four days may seem like a long time for consumers to learn their sensitive account information was at risk, Steinhafel argued that it was lightning speed from Target's perspective.

He laid out what happened from the moment he knew there was a problem.

(Read more: 'I'm still shaken'by Target data breach, says CEO)

"Sunday (Dec. 15) was really day one. That was the day we confirmed we had an issue and so our number one priority was ... making our environment safe and secure. By six o'clock at night, our environment was safe and secure. We eliminated the malware in the access point, we were very confident that coming into Monday guests could come to Target and shop with confidence and no risk," Steinhafel said.

"Day two was really about initiating the investigation work and the forensic work ... that has been ongoing. Day three was about preparation. We wanted to make sure our stores and our call centers could be as prepared as possible, and day four was about notification," he added. (The full interview will air on CNBC's Squawk Box Monday.)

A Target customer prepares to sign a credit card slip.
Getty Images

Still, the retail head was apologetic and contrite, and sought to reassure consumers that Target's stores are safe to shop.

"We are in the middle of a criminal investigation as you can appreciate and we can only share so much. ... We are not going to rest until we understand what happened and how that happened," he said. "Clearly we are accountable and we are responsible—but we are going to come out at the end of this a better company and we are going to make significant changes."

While Steinfhafel said the full extent of what transpired is not yet known, what Target does know is that malware was installed on the company's point of sale registers. Target is working with law enforcement to try and determine who did it, and when and it was done.

(Read more: Neiman Marcus: Hackers may have stolen payment card data)

The biggest challenge facing the retailer now is trying to convince Americans that it's safe to shop at Target. That's a tall order, when so much of what happened hasn't been disclosed because of ongoing criminal investigations.

While consumers may be concerned that more bad news may be coming, given Target's disclosure on Friday that up to 70 million customers' personal data, including mailing addresses, email addresses, and phone numbers also were compromised, Steinhafel said he is very confident that the Target environment is secure.

"We have no evidence that there is any other guest information that was removed from our environment," he said.

Steinhafel said that, as of Friday, shopping trends were almost back to normal.

By CNBC anchor Becky Quick. Follow her on Twitter @beckyquick. CNBC's Lacy O'Toole contributed to this article.