This morning US retail giant Target announced that it was parting ways with Gregg Steinhafel, its chairman, president and CEO.
It is less than five months since Target revealed that it had suffered a devastating data breach, which saw the personal information of up to 70 million customers’ stolen, and 40 million credit card details exposed.
In the wake of the massive security breach, customer trust in shopping at the store was hit, and the company’s sales, profit and stock price all suffered. Just two months ago Target’s executive vice president of technology services and chief information officer, Beth Jacob, resigned her position.
It seems Target’s board realised that a further clear and loud statement had to be made that the company had changed its ways – and Steinhafel’s position became more of an obstacle to changing the retailer’s troubled security image than an asset.
Most recently, Gregg led the response to Target’s 2013 data breach. He held himself personally accountable and pledged that Target would emerge a better company. We are grateful to him for his tireless leadership and will always consider him a member of the Target family.
Ironically, with all of the attention that Target has received since its disclosure last December, it probably now has more executives keeping at the front of their mind the critical issues of how to protect its customers’ data than many of its competitors.
It’s just a shame that such a devastating breach had to happen for that shift in thinking to occur.
If there’s any silver lining on this entirely ghastly episode, it’s that other companies might have seen the horrible mess that Target got itself and its customers into, and will be taking measures to ensure that they are not the next corporation to make the headlines for all the wrong reasons.
If you work in an IT department, and think that your board isn’t taking information security seriously enough, then perhaps reminding your executive team about just how badly Target has been affected by its data breach will help focus their minds.
The security incident at Target affected a huge number of people, and has cost the company a great deal of money, but ultimately the bosses recognised they had to hold themselves personally accountable for what went wrong, and have lost their jobs as a result.
The data breach at Target wasn’t the first incident of a major retailer being hacked, and it wasn’t the last either. What’s essential is that all of us, whether responsible for protecting our home or work computers, takes steps to reduce the chances of a hack being successful.
If you’re not sure where to start when it comes to better securing the business you are working at, check out Stephen Cobb’s cyber security road map for smaller businesses.
Author Graham Cluley, We Live Security