Data breach costs Target exec her job
NEW YORK — Target Corp.'s executive ranks have suffered their first casualty since hackers stole credit card numbers and personal data from millions of the retailer's shoppers last year.
The nation's second-largest discounter said that Beth Jacob, who has overseen everything from Target's website to its internal computer systems as chief information officer since 2008, has resigned. The company said it will search for an interim CIO.
The departure, effective Wednesday, occurred as Target is working to overhaul some of its divisions that handle security and technology in response to the enormous data breach. Target said the resignation was Jacob's idea, but some analysts speculate that the executive was under intense scrutiny as the company attempts to restore its reputation among investors and shoppers.
“People are questioning Target's security, and she was the fall guy,” said Walter Loeb, a New York-based independent retail consultant.
The resignation points to the changing roles and demands on CIOs. They've long assumed a behind-the-scenes position, overseeing not only technology but the overall safety and security of company systems. But security experts say more is being demanded of them as the public becomes more aware of big security breaches.
“Now, they have to take on an active role,” said Heather Bearfield, partner in the technology and assurance group at accounting firm Marcum LLP. “You can't sit back and rely on the infrastructure.”
Target disclosed on Dec. 19 that a data breach compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15. Then on Jan. 10 it said hackers stole personal information — including names, phone numbers, and email and mailing addresses — from as many as 70 million customers.
When all is said and done, Target's breach could eclipse the biggest known data theft at a retailer. TJX Cos. in 2007 disclosed a breach of customer information that compromised more than 90 million records at its T.J. Maxx, Marshalls and HomeGoods stores.
Target has said it believes hackers broke into its network by infiltrating the computers of a vendor. Then the hackers installed malicious software in the checkout system for Target's estimated 1,800 American stores.
Target has been working to make changes. The company is accelerating its $100 million plan to roll out chip-based credit card technology, which experts say is more secure than traditional magnetic-stripe cards.
Target is changing how technology and security duties are assigned within the company. For instance, compliance duties at Target were overseen by its current vice president of assurance risk and compliance, who had plans to retire at the end of March. Now, Target is separating the responsibility for assurance risk and compliance.
The compliance officer makes sure that the company meets outside regulatory requirements and internal policies, while the risk assurance division identifies and monitors the risks affecting the business.
Target, which is based in Minneapolis, said it plans to look outside the company for a chief information security officer and a chief compliance officer. Before the overhaul, information security functions were split among a variety of executives. Target's new chief information security officer will centralize those responsibilities, the company said.
Target said it is working with an outside adviser, Promontory Financial Group, to evaluate its technology, structure, processes and talent as part of the overhaul.
“We recognize that the information security environment is evolving rapidly,” said Target CEO Gregg Steinhafel.
Meanwhile, Target has been dealing with the fallout from the theft. The company said last week that its fourth-quarter profit fell 46 percent on a revenue decline of 5.3 percent as the breach scared off customers.
Target said sales have been recovering as more time passes, but that it expects business to be muted for some time: It issued a profit outlook for this quarter and full year that missed Wall Street estimates because of hefty costs related to the breach.