Security Experts:

Target CEO to Step Down Following Massive Data Breach

Target Corp. announced on Monday that effective immediately, Gregg Steinhafel would step down from his positions as Chairman of the Target board of directors, president and CEO, following the massive data breach late last year that exposed millions of customer payment card numbers and hurt company profits.

“Today we are announcing that, after extensive discussions, the board and Gregg Steinhafel have decided that now is the right time for new leadership at Target,” a statement from the Board of Directors said.

John Mulligan, Target’s chief financial officer, has been appointed as interim president and chief executive officer.

“Most recently, Gregg led the response to Target’s 2013 data breach. He held himself personally accountable and pledged that Target would emerge a better company,” the statement said.

The company said that it has retained executive search firm Korn Ferry to advise the board on a CEO search and that Steinhafel has agreed to serve in an advisory capacity during the transition.

In another executive leadership change, on April 29, the company named Bob DeRodes as the CIO, who will be tasked with guiding the company's information technology transformation.

In addition to naming DeRodes the company’s new CIO, Target announced a significant new initiative as part of the company’s accelerated $100 million plan to move its REDcard portfolio to chip-and-PIN-enabled technology and to install supporting software and next-generation payment devices in stores. 

Since the initial confirmation of the data breach, Target said that it has taken significant actions to strengthen security across the network, and that further enhancements would continue.

The retail giant said that beginning in early 2015, its entire REDcard portfolio, including all Target-branded credit and debit cards, would be enabled with MasterCard’s chip-and-PIN solution. Eventually, all of Target’s REDcard products will be chip-and-PIN secured, the company said. The new payment terminals will be in all 1,797 U.S. stores by this September, six months ahead of schedule.

Target said late last month that it is still searching for a chief information security officer (CISO) and a chief compliance officer.

"The resignation of Target’s CEO could signal the beginning of the end for this security apathy, and it’s quite likely that will start to see a transformation of the security mindset around protecting data," Dave Hansen, President and CEO at SafeNet, told SecurityWeek in an emailed statement. "Symantec just admitted as much when it announced today in a Wall Street Journal interview that the antivirus software it invented over 25 years ago 'is dead.'"

"These two separate but related events show that the old guard of security is being replaced by new mindsets that focus on securing the data itself," Hansen added. "History has shown us that perimeter defenses, whether they are stone wall or firewalls, will be breached.”

*12:00PM ET Updated with commenatry from Dave Hansen

Subscribe to the SecurityWeek Email Briefing
view counter