MINNEAPOLIS — Target's chief executive started the week Monday trying to assure consumers that his company will figure out who stole personal information on tens of millions of its customers, and he apologized for the massive data breach, which he said has been mended.
"As time goes on, we're going to get to the bottom of this," Gregg Steinhafel, Target's president and CEO, said Monday on CNBC. "We're not going to rest until we understand what happened and how that happened."
Steinhafel said the breach occurred when hackers installed malware on the Minneapolis-based company's point-of-sale registers. Steinhafel declined to outline the changes being made in an effort to protect customers' personal information, citing the ongoing criminal investigation.
Target said hackers stole the personal information of up to 110 million customers, including names, mailing addresses, telephone numbers and email addresses, through their credit and debit cards.
Steinhafel said he learned about the data breach on the morning of Dec. 15. He added that "my heart sunk" and he has had many "sleepless nights" since his company's troubles began.
The company announced the breach Dec. 19, and Steinhafel explained it took several days for the company to reveal it because officials first had to make sure its data system was safe, then prepare employees and set up call centers to handle inquiries from the public.
"We've tried to be very transparent and very clear," he said.
He said he's also aware of how Target customers are feeling: "No one screens my email," Steinhafel said. "So I have read every single email that has come to me.
"It has run the gamut of emotions from 'I'm with you, Target' and I've had the other side of that equation to where there's been some very poorly chosen words to describe Target and myself," he said.
In a full-page ad in Monday's Star Tribune, Steinhafel said his company's "top priority is take care of you and helping you feel confident about shopping at Target, and it is our responsibility to protect your information when you shop with us. … We didn't live up to that responsibility, and I am truly sorry."
He said the company "moved as swiftly as we could to address the problem," having closed the "access point that the criminal used" and hired security experts to determine how "criminals forced their way into our systems."