In the wake of a data breach that potentially impacted more than 100 million people and hit its profits and sales, Target Corp. is revamping its information security practices.
This story first appeared in the March 6, 2014 issue of WWD. Subscribe Today.
And it is shaking up the operation’s management in the process.
Target said Wednesday that chief information officer Beth Jacob had resigned. She had been in the position since 2008. The discounter is now looking for an interim cio to succeed Jacob.
“While we are still in the process of an ongoing investigation, we recognize that the information security environment is evolving rapidly. To ensure that Target is well-positioned following the data breach we suffered last year, we are undertaking an overhaul of our information security and compliance structure and practices,” said chairman, president and chief executive officer Gregg Steinhafel.
The ceo himself has been under pressure in the wake of the data breach, but also as the retailer has struggled to recapture its momentum in the U.S. and with its expansion into Canada.
“We will be elevating the role of the chief information security officer and hiring externally for this position,” Steinhafel said of the planned changes. “Additionally, we will be initiating an external search for a chief compliance officer. We are also working with an external adviser, Promontory Financial Group, to help us evaluate our technology, structure, processes and talent as a part of this transformation.”
Until now, the responsibilities of a chief compliance offer were overseen by Target’s vice president of risk assurance and compliance, who had plans to retire at the end of the month. Before the restructuring, Target’s information security functions were divided among several executives.
Target disclosed that it had been a victim of a cybersecurity breach on Dec. 19, smack in the middle of the busy holiday season. The breach occurred between Black Friday and Dec. 15, Target has said, with information from debit and credit accounts potentially stolen from 40 million Target shoppers. The retailer on Jan. 10 said personal information such as names, phone numbers and e-mail addresses could have been taken from another 70 million consumers.
Target is offering consumers free credit monitoring and speeding up the adoption of credit and debit cards with advanced chip technology, an investment of more than $100 million.
When Target reported its financials last week, the retailer included in its guidance about 7 cents related to the costs of the data breach and cautioned that these expenses could have a “material adverse effect” on its first-quarter results and beyond. The company was unable to estimate future expenses related to the breach, but indicated that it’s likely to receive a $44 million insurance payout.
Target reported that net profits for the fourth quarter ended Feb. 1 fell 46 percent to $520 million from $961 million in the previous year. Fourth-quarter sales fell 6.6 percent to $20.9 billion from $22.4 billion, reflecting a 2.5 percent decrease in comp-store sales.
Full-year net profits dropped 34.3 percent to $1.97 billion from $2.99 billion. Full-year 2013 sales declined 0.9 percent to $71.3 billion from $72 billion last year.