The company explains why it took four days to alert customers

Jan 13, 2014 08:26 GMT  ·  By

In a recent interview, Target’s Chairman and CEO Gregg Steinhafel has confirmed that cybercriminals have managed to compromise customer information by installing malware on point of sale (POS) registers.

The company has yet to determine how the attackers managed to install the malware. Target is working with law enforcement to find out.

"We are in the middle of a criminal investigation as you can appreciate and we can only share so much. ... We are not going to rest until we understand what happened and how that happened," Steinhafel said in an interview with CNBC.

The retailer’s CEO has also provided some explanations as to why they waited four days before alerting their customers of the breach. He says their number one priority was to make sure the malware was removed from the access point.

On the second day, they started working on determining what information had been compromised. On day three, according to Steinhafel, they prepared for the wave of customers that would inquire about the incident at their stores and call centers.

Initially, Target said the cybercriminals compromised the payment cards of up to 40 million customers. However, last week, after continuing to analyze the breach, it was determined that the attackers also stole the names, addresses, and the email addresses or phone numbers of up to 70 million people.

Last week, another major retailer, Neiman Marcus, also admitted suffering a data breach in which payment card data was stolen. So far, there’s no information on how the hackers gained access to the company’s systems.

However, there’s no evidence that those who made purchases on the Neiman Marcus website are affected by the breach.

The Dallas-based company is working with law enforcement, its credit card processor, and a firm that specializes in investigations, intelligence and risk management on determining the full extent of the incident.