Breach at US Retailer Target Prompts CIO Resignation
The chief information officer (CIO) at major US retail chain Target has resigned, following its massive security breach over the holidays. Additionally, the retailer revealed that the breach resulted in its fourth quarter profits unsurprisingly taking a substantial hit.
Former CIO and executive vice president for technology services Beth M. Jacob was with Target for 12 years. In her resignation letter, she said was stepping down immediately but did not discuss the breach. Target will be using an external interim CIO while it searches for Jacob’s permanent replacement.
The retailer’s profits were down 46% in the fourth quarter. Part of that loss was due to Target stepping up security measures following the breach. The retailer says the cost of the breach has been US$61m so far, which has been partially offset by US$44m in insurance payouts.
Target’s chief executive (CEO), Gregg Steinhafel, confirmed the company is “undertaking an overhaul” of its information security and compliance structure practices. “While we are still in the process of an ongoing investigation, we recognise that the information security environment is evolving rapidly,” he said.
The retailer also plans to elevate the role of chief information security officer, and is adding the new position of chief compliance officer.
The New York Times noted that while it is unclear how involved Jacob was in everyday protection, all online security officials reported to her. She does not appear to have a computer science background.
Darren Anstee, global solutions architect team lead at Arbor Networks, noted that the departure of Target’s CIO is further proof that data breaches of this magnitude have the most severe of consequences. “A successful attack can attract significant media attention, see heads roll and result in serious reputational damage,” he said.
Anstee added that with the threat landscape evolving rapidly, point-of-sale (POS) malware poses an increasing risk to retailers trying to protect their customers’ credit and debit card data. “It is all well and good Target doing an overhaul of its information security and compliance structure and practices now, but that process should be continuous to keep hackers at bay,” he said. “It is vital that organisations consider both mitigation strategies and response strategies, to minimise damage when an attack inevitably occurs. Ensuring that the risk of attacks like the Target one is minimised, will not only protect customer data and organisations’ reputations, but also jobs at the top of the tree.”
Although Target breach was the largest and most well-known US retailer to be targeted by cybercriminals, Neiman Marcus and Michaels are also believed to have been hit by the same group. On Wednesday, it was revealed that Sally Beauty is also investigating a possible breach that may have compromised hundreds of thousands of customer credit cards.