Target CEO Gregg Steinhafel spoke out for the first time Monday morning with CNBC about the data breach that has affected as many as 110 million people.
"As we have learned more, we have been truthful and timely in all of that communication," Steinhafel said, offering his assessment of Target's customer communication efforts as new information about the breach surfaces.
Yet, it took a month for Steinhafel to publicly face the music on television, answering several soft-ball questions from the business network. Steinhafel confirmed in the interview that the breach took place after hackers installed malware on Target's point-of-sale registers as he made his first on-air apology.
At best, Steinhafel offered a partial explanation that explained how hackers got 40 million credit and debit card numbers as well as encrypted PIN data from the magnetic strip of swiped cards; however, he didn't explain the other stolen database that was disclosed last Friday and contained addresses, phone numbers and even e-mail addresses of an estimated 70 million customers.
The credit card data has already hit the black market, and are being sold at a premium of between $20 and $100. It also appears that the same culprits may have hit other companies too. Over the weekend, Nieman Marcus announced it had a similar breach around the same time.
Steinhafel defended Target and told viewers it took 4 days to reveal the breach because Target's priority was ensuring the environment was safe first, then the focus turned to the investigation.
Day 1: Sunday, Dec. 15, confirmed there was an 'issue,' priority was making 'environment safe'
"By 6:00 at night, our environment was safe and secure. We eliminated the malware in the access points, so we were very confident that coming into Monday, guests could come to Target and shop with confidence at no risk," Steinhafel said.
Day 2: Monday, Dec. 16, investigation initiated, forensic work
Day 3: Tuesday, Dec. 17, preparation of stores and call centers
Day 4: Wednesday, Dec. 18, customer notification
Target free credit monitoring: https://creditmonitoring.target.com
Your money: 4 ways to protect yourself
The promise: Victims not financially responsible for credit/debit card fraud
The cause: Point-of-sale malware to blame
'Clearly, we are accountable'
"Clearly, we are accountable and we are responsible, but we are going to come out at the end of this a better company and we are going to make significant changes, that's what you do when you go through a period like this, you have to learn from it and you have to apply those learnings" Steinhafel said.
First, it was believed 40 million customers had been hacked, but on Friday, Target announced 70 million more accounts had been compromised. Steinhafel said there is no evidence at this time of another security breach.
Steinhafel said he's had many "sleepless nights" following news of the breach and expects more to come as the investigation ensues.
"We're not going to rest until we understand what happened and how that happened," Steinhafel said.
Open letter to Target customers
Steinhafel shared a letter with customers published in A Bullseye View, Target's "behind-the-scenes" online magazine on Monday.
"I know this breach has had a real impact on you, creating a great deal of confusion and frustration. I share those feelings. You expect more from us and deserve better," the letter reads, in part.
Full letter: http://bit.ly/1d0N9Au