Target replaces CEO after millions affected by data breach

Added on May 5, 2014

Target on Monday announced that Gregg Steinhafel, its Chief Executive Officer, has stepped down after a data breach in which the details of approximately 40 million Target shoppers’ credit cards and debit cards were stolen during the 2013 holiday shopping season.

The attack came amid weakness in traffic at the company’s stores during the 2013 holiday season, weak sales, and a money-losing expansion into Canada.

In its announcement, the company said the CEO is being replaced with its Chief Financial Officer John Mulligan while it seeks a new CEO. The moves come after extensive discussions and weekly meetings of the company’s board of directors.

With 35 years at Target, Steinhafel is expected to get an exit package worth about US$37.8 million which includes accelerated vesting of stocks and cash severance.

Under Steinhafel’s tenure, Target’s 1,797 stores in the US and 127 stores in Canada posted a drop of 5.5% in sales in 2013 compared to sales in 2012. Industry experts say the drop in sales is likely the result of many of its clients shopping online, the company’s shift away from its previously successful stylish yet affordable line of trendy fashion and home goods, and competition from Wal-Mart and dollar stores. The move away from affordable to upscale put the company in direct competition with Amazon, which shoppers visit within four weeks of their visit to a Target store, according to Kantar Retail.

The company announced in December 2013 that there had been unauthorized access to its customers’ payment data, involving approximately 40 million credit and debit account numbers and approximately 70 million names and addresses of its clients. The data breach occurred sometime between November 27, 2013 and December 15, 2013.

Although Target has not provided any details about how the data was breached, security experts speculate that the company’s Point of Sale equipment, or a network that handles authorization and settlement, was compromised. In February a security expert said the company’s network may have been breached with malware contained in phishing emails sent to staff at an HVAC company that services Target stores.

In a press release, the company outlined the steps it has taken to strengthen its networks, including monitoring, network segmentation, limits on vendor access, and enhanced security including two-factor authentication across more than 400,000 accounts of its staff.

Verizon Enterprise Solutions, the investigator hired by the company, is said to have completed its comprehensive report, which provides details about possible deficiencies in Target’s cybersecurity, and to be distributing it.

Target directors have initiated a search for a replacement CEO and are using Korn Ferry, a global recruiter specializing in leadership searches.

Phishing emails are created by attackers to steal sensitive information by making the emails appear to come from trustworthy sources. Malware is software installed on computers, often surreptitiously, which is designed to steal sensitive information like usernames and passwords.