During an interview with CNBC, retailer’s CEO defends four-day delay in notifying customers of security breach as necessary for the investigation and preparation for consumer reaction.
January 12, 2014 7:15 PM PST
Hackers infected Target’s point-of-sale terminals with malware to steal the payment card information from millions of customers, the retailer’s chief executive has confirmed.
The security breach, which yielded the personal information of as many as 110 million customers, was first identified on December 15, four days before the breach was publicly revealed, CEO Gregg Steinhafel told CNBC during an interview. Target revealed Friday that the security breach it suffered between November 27 and December 15 was larger than originally believed, yielding the names, mailing addresses, phone numbers, and e-mail addresses for near three times its original estimate of 40 million customers.
“Sunday [December 15] was really Day 1. That was the day we confirmed we had an issue and so our number one priority was … making our environment safe and secure,” Steinhafel said in the interview. “By six o’clock at night, our environment was safe and secure. We eliminated the malware in the access point, we were very confident that coming into Monday guests could come to Target and shop with confidence and no risk.”
Steinhafel defended the four-day delay in its notification process as necessary for investigators and consumer preparation.
Yikes! Target’s data breach now could affect 110M people
Leahy’s perennial data privacy bill gets another shot
Two iPods at two different Target stores (both full of erasers?)
“Day 2 was really about initiating the investigation work and the forensic work … that has been ongoing. Day 3 was about preparation. We wanted to make sure our stores and our call centers could be as prepared as possible, and Day 4 was about notification,” he told CNBC in an interview scheduled to air Monday.
Target was not the only US retailer to suffer a security breach during the holiday shopping season. Upscale department store Neiman Marcus confirmed on Friday that its database of customer information was hacked last month around the same time as the attack on Target.
Additionally, Reuters reports that at least three other well-known but unidentified retailers experienced smaller breaches that have yet to be publicly revealed.
The practice of payment card skimming at point-of-sale terminals has become more frequent in recent years, often victimizing customers of well-known retailers. Bookseller Barnes & Noble discovered in fall 2012 that hackers had broken into keypads at more than 60 locations around the United States and made off with customers’ credit card information. That same month, two Romanian men pled guilty to hacking point-of-sale terminals at hundreds of Subway sandwich stores in the US to steal credit card data from more than 146,000 accounts.