Target CEO Departs in Wake of Data Breach Source: Brian Prince Contributing Writer, Dark Reading
May 05, 2014

Target CEO Departs in Wake of Data Breach

Source: Brian Prince: Contributing Writer, Dark Reading

Target CEO Departs in Wake of Data Breach Target has named an interim CEO and interim chairwoman of its board of directors as the search for a new lead executive gets under way.

More change is afoot at Target as another executive is departing in the aftermath of last year's data breach.

The retailer announced today that Gregg Steinhafel is stepping down effective immediately from his role as president, CEO, and chairman of the board of directors. John Mulligan, Target's chief financial officer, will serve as interim president and chief executive officer while the company searches for a permanent replacement. In addition, Roxanne S. Austin, a member of the company's board of directors, will be appointed interim non-executive chairwoman of the board.

A massive data breach last year affected payment card data and customer information of millions of consumers. Steinhafel has led the company's response to the breach. In a press release, the company thanked him for his leadership.

"The board is deeply grateful to Gregg for his significant contributions and outstanding service throughout his notable 35-year career with the company," the company said. "Under his leadership, the company has not only enhanced its ability to execute, but has broadened its strategic horizons. He also led the company through unprecedented challenges, navigating the financial recession, reacting to challenges with Target's expansion into Canada, and successfully defending the company through a high-profile proxy battle."

Steinhafel is the latest executive to depart the company in the wake of the breach. Beth Jacob resigned as chief information officer this year and has been replaced Bob DeRodes. The company is still searching for a chief information security officer, as well as a chief compliance officer.

The leadership changes are being accompanied by a new focus on security technologies. When it named DeRodes the new CIO, the company jointly announced an effort to accelerate adoption to chip-and-PIN enabled REDcards. Starting in early 2015, the entire REDcard portfolio, including all Target-branded credit and debit cards, will be enabled with MasterCard's chip-and-PIN solution. Co-branded cards will be reissued as MasterCard co-branded chip-and-PIN cards.

Target is also moving ahead with a plan to install supporting software for the chip-and-PIN technology and next-generation payment devices in its stores. The new payment terminals are expected to be in all 1,797 Target stores by this September, six months ahead of schedule, according to the company.

"The last few months have tested Target in unprecedented ways," Steinhafel wrote in his resignation letter to the board. "From the beginning, I have been committed to ensuring Target emerges from the data breach a better company, more focused than ever on delivering for our guests. We have already begun taking a number of steps to further enhance data security, putting the right people, processes and systems in place. With several key milestones behind us, now is the right time for new leadership at Target."

Experts around the security chimed in with a variety of opinions about Target's post-breach executive changes. Not all of them felt that a breach necessitates a change in leadership.

"If a CEO's longevity is based on the ability to keep an adversary off the network, everyone will lose their jobs," says Shawn Henry, CSO at CrowdStrike and president of CrowdStrike's Services Division. "The reality is that you cannot keep the adversary off the network. Organizations need to focus on adversary detection and consequence management, and the government needs to focus on identifying who is behind this type of malicious activity." .

Jun 10.13 | Canada Eavesdropping on Phone, Internet Records Too: Source: Globe and Mail

read more

Jan 18.13 | Java Security Warnings: Cut Through The Confusion by Mathew J. Schwartz

read more

May 29.12 | Researchers identify Stuxnet-like malware called 'Flame' By Lucian Constantin

read more

May 18.12 | Even a minor lapse in security protocol can lead to major costs Posted by: Karen Goulart

read more

Apr 03.12 | Global Payments hopes to soon regain PCI compliance after breach

Global Payments hopes to soon regain PCI compliance after breach
read more

Oct 11.11 | Businesses failing to comply with PCI DSS security standards: Verizon and Banktech India News Network, 9/29/2011 10:55:29 AM

Too many businesses are struggling to comply with payment card security standards, putting consumers’ confidential information at risk, according to a report by IT services and solutions provider Verizon. Te report for a second year in a row found compliance lacking on the payment card security front. read more

May 03.11 | Sony data breach update reveals 'bad practices' By Emily Chung, CBC News

The data breach affecting Sony Online Entertainment's 24.6 million accounts is linked to a previously announced cyberattack on Sony's PlayStation Network and Qriocity entertainment service, which affected the personal information of more than 77 million users. Thomas Peter/Reuters read more

Mar 11.11 | Assume you’re always under attack’: experts By: Liam Lahey On: 11 Mar 2011 For: ComputerWorld Canada

Enterprises must make a conscious decision about what information we’re prepared to lose, said an exec with security vendor Symantec. Why companies are missing the mark with security risk management read more

Oct 26.10 | ‘Spear-Phishing’ Attacks Keep on Giving by Kim Zetter,

‘Spear-Phishing’ Attacks Keep on Giving

* By Kim Zetter read more