Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

Target CEO Departs in Wake of Data Breach

Target has named an interim CEO and interim chairwoman of its board of directors as the search for a new lead executive gets under way.

More change is afoot at Target as another executive is departing in the aftermath of last year's data breach.

The retailer announced today that Gregg Steinhafel is stepping down effective immediately from his role as president, CEO, and chairman of the board of directors. John Mulligan, Target's chief financial officer, will serve as interim president and chief executive officer while the company searches for a permanent replacement. In addition, Roxanne S. Austin, a member of the company's board of directors, will be appointed interim non-executive chairwoman of the board.

A massive data breach last year affected payment card data and customer information of millions of consumers. Steinhafel has led the company's response to the breach. In a press release, the company thanked him for his leadership.

"The board is deeply grateful to Gregg for his significant contributions and outstanding service throughout his notable 35-year career with the company," the company said. "Under his leadership, the company has not only enhanced its ability to execute, but has broadened its strategic horizons. He also led the company through unprecedented challenges, navigating the financial recession, reacting to challenges with Target's expansion into Canada, and successfully defending the company through a high-profile proxy battle."

Steinhafel is the latest executive to depart the company in the wake of the breach. Beth Jacob resigned as chief information officer this year and has been replaced Bob DeRodes. The company is still searching for a chief information security officer, as well as a chief compliance officer.

The leadership changes are being accompanied by a new focus on security technologies. When it named DeRodes the new CIO, the company jointly announced an effort to accelerate adoption to chip-and-PIN enabled REDcards. Starting in early 2015, the entire REDcard portfolio, including all Target-branded credit and debit cards, will be enabled with MasterCard's chip-and-PIN solution. Co-branded cards will be reissued as MasterCard co-branded chip-and-PIN cards.

Target is also moving ahead with a plan to install supporting software for the chip-and-PIN technology and next-generation payment devices in its stores. The new payment terminals are expected to be in all 1,797 Target stores by this September, six months ahead of schedule, according to the company.

"The last few months have tested Target in unprecedented ways," Steinhafel wrote in his resignation letter to the board. "From the beginning, I have been committed to ensuring Target emerges from the data breach a better company, more focused than ever on delivering for our guests. We have already begun taking a number of steps to further enhance data security, putting the right people, processes and systems in place. With several key milestones behind us, now is the right time for new leadership at Target."

Experts around the security chimed in with a variety of opinions about Target's post-breach executive changes. Not all of them felt that a breach necessitates a change in leadership.

"If a CEO's longevity is based on the ability to keep an adversary off the network, everyone will lose their jobs," says Shawn Henry, CSO at CrowdStrike and president of CrowdStrike's Services Division. "The reality is that you cannot keep the adversary off the network. Organizations need to focus on adversary detection and consequence management, and the government needs to focus on identifying who is behind this type of malicious activity."

.

        

 
Brian Prince is a freelance writer for a number of IT security-focused publications. Prior to becoming a freelance reporter, he worked at eWEEK for five years covering not only security, but also a variety of other subjects in the tech industry. Before that, he worked as a ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/9/2014 | 10:08:42 AM
Re: Where is your organization's sensitive data? -- Lessons Learned
The message certainly should ring loud and clear to top-level management at retailers (or any organization holding user data) that the buck starts and stops with them when it comes to the security of personal data. I expect they are finally paying attention. (at least i hope so)
kyle F. Kennedy
50%
50%
kyle F. Kennedy,
User Rank: Apprentice
5/6/2014 | 12:46:57 PM
Where is your organization's sensitive data?

First Target's CIO, Beth Jacob resigned in March along with a good percentage of key security team personnel and now yesterday Target's CEO Gregg Steinhafel announced he was stepping down "effective immediately" as part of Target's post breach clean up and remediation strategy. A data breach of any magnitude can't just be measured on the customers that were impacted. Data breach analysis must include the impact to the company's brand and most importantly consumer confidence in that brand going forward. Five months post data breach and Target's financial numbers are still declining with lower consumer confidence a key trait to why those financial numbers keep falling. Protecting Sensitive Data is absolutely critical to any organization no matter how large or small that organization may be. I just hope all the CIO's, CISO's, CTO's, CSO's, and CEO's reading various media outlets on Target's CEO resigning learn from the Target data breach and why it is imperative to have technologies like STEALTHbits – StealthSEEK and StealthINTERCEPT to help discover, prioritize, identify, remediate and secure sensitive data within their enterprise.

Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
5/5/2014 | 5:15:57 PM
Re: Target CEO Departs
There's obviously probably more to this than the data breach. But it does seem to indicate Target has learned a lot from the incident.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
5/5/2014 | 4:44:29 PM
Re: Target CEO Departs
It's hard to feel sorry for Steinhafel given that he could receive more than $55 million in his exit.
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Ninja
5/5/2014 | 4:01:11 PM
Re: Target CEO Departs
True, for a breach of this size more than one head had to roll.
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
5/5/2014 | 3:59:27 PM
Re: Target CEO Departs
I thought that's what a CIO was for: an executive the CEO can dispose of if there's a security breach. I guess that firewall failed.
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Ninja
5/5/2014 | 12:52:16 PM
Target CEO Departs
Well it was just a matter of time, someone has to take the blame for their troubles.
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15132
PUBLISHED: 2019-08-17
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocki...
CVE-2019-15133
PUBLISHED: 2019-08-17
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
CVE-2019-15134
PUBLISHED: 2019-08-17
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloo...
CVE-2019-14937
PUBLISHED: 2019-08-17
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.
CVE-2019-13069
PUBLISHED: 2019-08-17
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service.