Quantcast

Target tech chief resigns as retailer overhauls security

By Anne D'innocenzio

Associated Press

Published: Wednesday, March 5 2014 8:40 p.m. MST

In this Dec. 19, 2013, file photo, a passer-by walks near an entrance to a Target retail store in Watertown, Mass. Target Corp. Chief Information Officer Beth Jacob is resigning effective Wednesday as the retailer overhauls its information security and compliance division in the wake of a massive pre-Christmas data breach.

Steven Senne, Associated Press

NEW YORK — Target Corp.'s executive ranks have suffered their first casualty since hackers stole credit card numbers and other personal data of millions of its shoppers last year.

The nation's second largest discounter told The Associated Press that Beth Jacob, who has overseen everything from Target's web site to its internal computer systems as Chief Information Officer since 2008, has resigned. The company said it will search for an interim CIO.

The departure, which is effective Wednesday, comes as Target works to overhaul some of divisions that handle security and technology following the massive data breach. Target said the resignation was Jacob's idea, but some analysts speculate that the executive has faced intense scrutiny as the company has tried to restore its reputation among investors and shoppers.

"People are questioning Target's security and she was the fall guy," said Walter Loeb, a New York-based independent retail consultant.

The resignation points to the changing role of companies' CIOs. They've long assumed a behind-the-scenes position overseeing not only technology, but the overall safety and security of company systems. But security experts say more is being demanded of them as the public becomes more aware of big security breaches.

"Now, they have to take on an active role," said Heather Bearfield, partner in the technology and assurance group at accounting firm Marcum LLP. "You can't sit back and rely on the infrastructure."

Target disclosed on Dec. 19 that a data breach compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15. Then on Jan. 10 it said hackers also stole personal information — including names, phone numbers, and email and mailing addresses — from as many as 70 million customers.

When all is said and done, Target's breach could eclipse the biggest known data theft at a retailer: TJX Cos. in 2007 disclosed a breach of customer information that compromised more than 90 million records at its T.J. Maxx, Marshalls and HomeGoods stores.

Target has said it believes hackers broke into its network by infiltrating the computers of a vendor. Then the hackers installed malicious software in the checkout system for Target's estimated 1,800 U.S. stores.

In the wake of the breach, Target has been working to make changes. The company is accelerating its $100 million plan to roll out chip-based credit card technology, which experts say is more secure than traditional magnetic stripe cards.

The company also is changing technology and security duties within the company. For instance, compliance duties at Target were overseen by Target's current vice president of assurance risk and compliance, who already had plans to retire at the end of March. Now, Target is separating the responsibility for assurance risk and compliance.

The compliance officer makes sure that the company meets outside regulatory requirements and internal policies, while the risk assurance division identifies and monitors the risks affecting the business.

Target, which is based in Minneapolis, said it plans to look outside the company for a chief information security officer and a chief compliance officer. Before the overhaul, information security functions were split among a variety of executives. Target's new chief information security officer will centralize those responsibilities, the company said.

Target also said it is working with an outside adviser, Promontory Financial Group, to evaluate its technology, structure, processes and talent as part of the overhaul.

"While we are still in the process of an ongoing investigation, we recognize that the information security environment is evolving rapidly," said Target CEO Gregg Steinhafel.

Get The Deseret News Everywhere

Subscribe

Mobile

RSS