Target's tech chief resigns as company overhauls security in wake of data breach
A passer-by walks near an entrance to a Target retail store in Watertown, Mass., in this Dec. 19, 2013, file photo. (AP / Steven Senne)
Anne D'Innocenzio, The Associated Press
Published Wednesday, March 5, 2014 10:11AM EST
Last Updated Wednesday, March 5, 2014 5:00PM EST
NEW YORK -- Target Corp.'s executive ranks have suffered their first casualty since hackers stole credit card numbers and other personal data of millions of its shoppers last year.
The nation's second largest discounter told The Associated Press that Beth Jacob, who has overseen everything from Target's website to its internal computer systems as Chief Information Officer since 2008, has resigned. The company said it will search for an interim CIO.
The departure, which is effective Wednesday, comes as Target works to overhaul some of divisions that handle security and technology following the massive data breach. Target said the resignation was Jacob's idea, but some analysts speculate that the executive has faced intense scrutiny as the company has tried to restore its reputation among investors and shoppers.
"People are questioning Target's security and she was the fall guy," said Walter Loeb, a New York-based independent retail consultant.
The resignation points to the changing role of companies' CIOs. They've long assumed a behind-the-scenes position overseeing not only technology, but the overall safety and security of company systems. But security experts say more is being demanded of them as the public becomes more aware of big security breaches.
"Now, they have to take on an active role," said Heather Bearfield, partner in the technology and assurance group at accounting firm Marcum LLP. "You can't sit back and rely on the infrastructure."
Target disclosed on Dec. 19 that a data breach compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15. Then on Jan. 10 it said hackers also stole personal information -- including names, phone numbers, and email and mailing addresses -- from as many as 70 million customers.
When all is said and done, Target's breach could eclipse the biggest known data theft at a retailer: TJX Cos. in 2007 disclosed a breach of customer information that compromised more than 90 million records at its T.J. Maxx, Marshalls and HomeGoods stores.
Target has said it believes hackers broke into its network by infiltrating the computers of a vendor. Then the hackers installed malicious software in the checkout system for Target's estimated 1,800 U.S. stores.
In the wake of the breach, Target has been working to make changes. The company is accelerating its $100 million plan to roll out chip-based credit card technology, which experts say is more secure than traditional magnetic stripe cards.
The company also is changing technology and security duties within the company. For instance, compliance duties at Target were overseen by Target's current vice-president of assurance risk and compliance, who already had plans to retire at the end of March. Now, Target is separating the responsibility for assurance risk and compliance.
The compliance officer makes sure that the company meets outside regulatory requirements and internal policies, while the risk assurance division identifies and monitors the risks affecting the business.
Target, which is based in Minneapolis, said it plans to look outside the company for a chief information security officer and a chief compliance officer. Before the overhaul, information security functions were split among a variety of executives. Target's new chief information security officer will centralize those responsibilities, the company said.
Target also said it is working with an outside adviser, Promontory Financial Group, to evaluate its technology, structure, processes and talent as part of the overhaul.
"While we are still in the process of an ongoing investigation, we recognize that the information security environment is evolving rapidly," said Target CEO Gregg Steinhafel.
Meanwhile, Target has been dealing with the fallout from the theft. The company said last week that its fourth-quarter profit fell 46 per cent on a revenue decline of 5.3 per cent as the breach scared off customers.
Target said sales have been recovering as more time passes. But the company also said it expects business to be muted for some time: It issued a profit outlook for the current quarter and full year that missed Wall Street estimates because it faces hefty costs related to the breach.
In a letter to Steinhafel that was furnished by Target, the outgoing Chief Information Officer Jacob did not mention the data breach, but said that resigning was a "difficult decision."
During her tenure, Jacob played a big role in bringing the company's online operations in house a few years ago. She also got attention for overseeing Target's innovation lab that opened last May in San Francisco. The lab looks at futuristic technology, such as how wearable gadgets like smart watches might be used in its stores.
But during her time as CIO, Target also endured some public relations nightmares related to its online operations. The website had several outages, particularly the well-publicized launch of a limited collection from Italian designer Missoni in the fall of 2011. The company has worked hard to fix those problems.
Shares of Target were down 72 cents, or more than 1 per cent, to $60.61 on Wednesday. The stock is down a little over 3 per cent since the breach was disclosed.