For Target Chairman and CEO Gregg Steinhafel, December 15 started out as a normal Sunday. He was at home, having coffee with his wife. That's when he got the first call about the cyber security breach at the retailer, which would to date put the personal information of as many as 110 million customers at risk.
"My heart sunk," Steinhafel reflected, describing his initial reaction to word of the attack, which had hit Target at the worst time with the busy holiday shopping season in full-swing and Christmas just 10 days away.
"It's hard for me to describe the feeling that came over me," he revealed in a CNBC interview—his first since Target acknowledged the attack—four days after Steinhafel was initially informed.
(Read more: Target CEO defends delay to disclose data breach)
While it's been about a month since Steinhafel learned of the breach, he said he's "still shaken by it." He said he's had many "sleepless nights" already, but expects many more because "we are not going to sleep until we get it right and we regain the trust of our guest. And we're gonna be better as a result of this."
He knows his customers are still frustrated, and said that "they have every right to be."
On December 19, Target first disclosed that as many 40 million credit and debit cards were compromised between November 27 and December 15 by malware installed on the company's point of sale registers.
Steinhafel said Target's first priority was to remove the malware, which was accomplished by that Sunday evening. "We were very confident that coming into Monday [Dec. 16], guests could come to Target and shop with confidence with no risk."
But this past Friday, Target said its investigation found that at least 70 million customers' personal information was stolen from its database—including names, mailing addresses, telephone numbers, and email addresses. Some victims did not shop at Target during the time of the breach, said the retailer, which expects some overlap in the two data sets but does not have the exact numbers yet.
Steinhafel said he's aware of the anger felt by his customers because he's been getting an unvarnished view of the outcry. "No one screens my email. So I have read every single email that has come to me."
He said the emails "run the gamut of emotions" from support of the way the retailer has handled the situation, to what he described as some "fairly poorly chosen words to describe Target and myself."
Target also announced on Friday that it lowered its fourth-quarter profit forecast, in part due to weaker-than-expected sales since reports of the cyber-attack emerged. Steinhafel said that shopping trends as of Friday were nearly back to normal.
"We have to do everything possible to make it right by every guest and earn that trust back," Steinhafel vowed.