Target to Hire New CIO, Revamp Security

Retailer Also Adding a CISO in Wake of Massive Breach
Target to Hire New CIO, Revamp Security
Former Target CIO Beth Jacob

In the wake of its massive data breach last year, Target Corp. is overhauling its information security and compliance practices, launching a search for a new CIO and creating the position of chief information security officer, says CEO Gregg Steinhafel.

See Also: Gartner Market Guide for DFIR Retainer Services

"While we are still in the process of an ongoing investigation, we recognize that the information security environment is evolving rapidly," Steinhafel says in a statement provided to Information Security Media Group. "To ensure that Target is well positioned following the data breach we suffered last year, we are undertaking an overhaul of our information security and compliance structure and practices."

The first step in that overhaul is conducting an external search for an interim CIO to replace Beth Jacob, who resigned March 5. Jacob had served as CIO since 2008, according to her company biography.

In a letter to Steinhafel obtained by The New York Times, Jacob said her resignation was "a difficult decision," but noted that "this was a time of significant transformation for the retail industry and for Target."

Hiring a CISO

Steinhafel reveals in his statement to ISMG that Target is now "elevating the role" of its chief information security officer and hiring outside the company to fill the position. Target also plans to initiate an external search for a chief compliance officer, he says.

Target is working with Promontory Financial Group to "evaluate our technology, structure, processes and talent as a part of this transformation," Steinhafel adds.

Until now, Target's information security functions have been handled by a variety of executives, The New York Times reports. Bringing on a new CISO is expected to centralize the company's security responsibilities.

Compliance duties had previously been overseen by Target's vice president of assurance risk and compliance, who plans to retire at the end of March, according to The Times. Target is now separating the responsibilities for assurance risk and compliance.

Malware Incident

On Dec. 23, Target confirmed malware was to blame for an infection of its point-of-sale system that likely exposed details associated with 40 million debit and credit cards between Nov. 27 and Dec. 15. The breach also affected personal information on up to 70 million customers.

The security incident contributed to a 46 percent decline in the company's net earnings in the fourth quarter of its 2013 fiscal year.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.