Customers walk through the cosmetics department at the Target store in Arvada, Colorado.
BOSTON/NEW YORK: Target Corp began a major public relations effort yesterday to apologise to customers for an unprecedented cyber attack on its network, but the No. 3 US retailer was vague in providing details about what it knew and when.
The company has so far disclosed that the breach started in late November and lasted 19 days over the peak holiday shopping season, resulting in the theft of about 40 million credit card records and 70 million other records containing customer data.
Target is trying to woo back customers after sales dropped off at the end of the holiday season. Its campaign included full-page newspaper advertisements on Monday apologizing for the attack and the first interview since the breach by chief executive Gregg Steinhafel.
He told CNBC TV business network that Target wanted to lead the retail industry’s move to adopt payment card technology that stores customer information on computer chips and requires users to type in personal identification numbers.
On Sunday, a top executive with the National Retail Federation called for tougher security standards that could mean more spending for the industry, its banks and business partners following the breaches at Target and other retailers in the United States.
Steinhafel said he was proud of the way Target employees had responded once the breach was confirmed, yet he provided few details about what had happened.
Target disclosed on December 19 that it was victim to one of the biggest credit card breaches on record. It said it ran for 19 days in the busy holiday shopping season through December 15. “We’re going to get to the bottom of this,” Steinhafel told CNBC. “We’re not going to rest until we understand what happened and how that happened.”
The company declined to say precisely when it first came to suspect its systems might have been compromised. In the CNBC interview, Steinhafel said the company “confirmed” that it had been victim of a breach on Dec. 15, but he provided no account of what happened in preceding weeks. “December 15. That was the day we confirmed that we had an issue,” he said.
Sources familiar with the investigation have previously told Reuters that Target learned about the attack only after receiving warnings from financial industry sources who reported seeing a surge in fraudulent credit card activity from accounts of customers who had shopped at the retailer.
Another retailer, Neiman Marcus, disclosed on Friday that it was warned about a possible breach in mid-December and that an outside forensics firm confirmed a breach on January 1, saying it found evidence that some payment card data may have been compromised.