Archive
SUBSCRIBE NEWSLETTERS
ADVERTISE| CLASSIFIEDS| JOBS| E-TRIB
HIGH SCHOOL SPORTS NETWORK NEIGHBORHOOD NEWS NETWORK
Western Pennsylvania's trusted news source
Target's CEO out over security breach | TribLIVE.com
News

Target's CEO out over security breach

The Associated Press
The Associated Press

NEW YORK — Target's CEO has become the first boss of a major corporation to lose his job over a breach of customer data, showing how responsibility for computer security reaches right to the top.

Gregg Steinhafel, who was president and chairman, stepped down nearly five months after Target disclosed a pre-Christmas breach in which hackers stole millions of customers' credit- and debit-card records.

Steinhafel, a 35-year veteran of the company and chief executive since 2008, also resigned from the board of directors, Target announced on Monday.

“He was the public face of the breach. The company struggled to recover from it,” said Cynthia Larose, chair of the privacy and security practice at the law firm Mintz Levin. “It's a new era for boards to take a proactive role in understanding what the risks are.”

Chief Financial Officer John Mulligan was named interim president and CEO.

The departure of Steinhafel, 59, suggests the company wants a clean slate as it wrestles with the fallout. But the resignation leaves a leadership hole at a time when the 1,800-store chain is dealing with many other challenges.

The company is struggling to maintain its cachet while competing with Wal-Mart and Amazon.com. Target is grappling with a disappointing expansion into Canada, its first foray outside the United States.

Experts say the breach, which highlighted the flaws in Target's security system, seemed to be the final straw.

The Target board said in a statement that extensive discussions with Steinhafel led them to decide “it is the right time for new leadership at Target.” The board said that he “held himself personally accountable.”

“The last several months have tested Target in unprecedented ways,” Steinhafel wrote in a letter to the board that was made available to The Associated Press. “From the beginning, I have been committed to ensuring Target emerges from the data breach a better company, more focused than ever on delivering for our guests.”

On Dec. 19, Target disclosed a breach of 40 million credit and debit card accounts over a nearly three-week period before Christmas. Then on Jan. 10, the company said hackers also stole personal information — including names, phone numbers, and email and mailing addresses — from as many as 70 million customers.

Hackers might have bombarded a Sharpsburg heating and ventilation company's remote data link access with Target as a stepping stone to get the retailer's credit card information, computer security experts at Carnegie Mellon University told the Tribune-Review previously.

Ross Fazio, owner of Fazio Mechanical Services Inc., told the Trib in February that his company was the victim of a “sophisticated cyberattack” in which it appeared hackers used Fazio's remote access to Target's internal network to eventually get access to Target's point-of-sale registers, where they could obtain credit card information.

Fazio said his company had a data connection with Target for electronic billing, contract submission and project management.

Breaking into the contractor's system could be as simple as bombarding employees with computer viruses by email, or the hackers could have posed as the contractor in order to breach Target's systems, the CMU experts told the Trib as part of its ongoing “Cyber Rattling: The Next Threat” series.

Under Steinhafel's leadership, Target won praise for its expansion into fresh groceries and its 5 percent discount for customers who use its branded debit and credit cards.

Target, based in Minneapolis, has been criticized for reacting too slowly to a shift toward shopping on mobile devices. Target just started to let shoppers order items online and pick them up at the store, years later than competitors.

Analysts say Target botched its Canadian expansion by moving too aggressively. The company opened about 120 stores in the latest year and lost nearly $1 billion in the Canadian business.

Target reported in February that its fourth-quarter profit fell 46 percent on a revenue decline of 5.3 percent as the breach scared off customers.

“Ultimately, too much rained down on Gregg Steinhafel,” said Brian Sozzi, CEO and chief equities strategist at Belus Capital Advisors. “There was no way he could escape the black vortex of news.”

Its shares are down 5.8 percent since the breach was disclosed. Target's stock fell more than 3 percent, or $2.14, to close at $59.87.

Target's sales have been recovering, but it expects to feel the effects for some time. The breach has spawned dozens of legal actions that could be costly.

Two months ago, the company's chief information officer lost her job.

Last week, Target announced plans to become the first major U.S. retailer to have store credit and debit cards with chip-and-PIN security technology.