and Matthew J. Belvedere
For Target Chairman and CEO Gregg Steinhafel, Dec. 15 started out as a normal Sunday. He was at home, having coffee with his wife. That's when he got the first call about the cyber security breach at the retailer, which would to date put the personal information of as many as 110 million customers at risk.
"My heart sunk," Steinhafel reflected, describing his initial reaction to word of the attack, which had hit Target at the worst time with the busy holiday shopping season in full-swing and Christmas just 10 days away.
"It's hard for me to describe the feeling that came over me," he revealed in a CNBC interview -- his first since Target acknowledged the attack -- four days after Steinhafel was initially informed.
While it's been about a month since Steinhafel learned of the breach, he said he's "still shaken by it." He said he's had many "sleepless nights" already, but expects many more because "we are not going to sleep until we get it right and we regain the trust of our guest. And we're gonna be better as a result of this."
He knows his customers are still frustrated, and said that "they have every right to be."
On Dec. 19, Target (TGT) first disclosed that as many 40 million credit and debit cards were compromised between Nov. 27 and Dec. 15 by malware installed on the company's point of sale registers.
Steinhafel said Target's first priority was to remove the malware, which was accomplished by that Sunday evening.
But this past Friday, Target said its investigation found that at least 70 million customers' personal information was stolen from its database -- including names, mailing addresses, telephone numbers, and email addresses. Some victims didn't shop at Target during the time of the breach, said the retailer, which expects some overlap in the two data sets but doesn't have the exact numbers yet.
Steinhafel said he's aware of the anger felt by his customers because he's been getting an unvarnished view of the outcry. "No one screens my email. So I have read every single email that has come to me."
He said the emails "run the gamut of emotions" from support of the way the retailer has handled the situation, to what he described as some "fairly poorly chosen words to describe Target and myself."
Target also announced Friday that it lowered its fourth-quarter profit forecast, in part due to weaker-than-expected sales since reports of the cyber-attack emerged. Steinhafel said that shopping trends as of Friday were nearly back to normal.
"We have to do everything possible to make it right by every guest and earn that trust back," Steinhafel vowed.
More from CNBC
- Target CEO Defends Delay to Disclose Data Breach
- Neiman Marcus: Hackers May Have Stolen Payment Card Data
- Target Data Breach: Beyond Cards?