The CEO of Target is the latest casualty of the big-box retailer's disastrous holiday data breach.
The company said that chief exec Gregg Steinhafel would be leaving the company after 35 years,vacating both the CEO and president roles as well as his seat as chairman of the company's board of directors.
Steinhafel had overseen the company as CEO since 2008 and as president since 2009. According to a Bloomberg profile, Steinhafel joined the company as a trainee in 1979 and rose through the ranks at Target to take over the top role at the retail giant.
More recently, Steinhafel saw Target embarrassed and dangerously exposed when in December federal investigators notified the company of a possible breach in its payment card systems.
Further investigations revealed that hackers had penetrated Target's retail network to install data-harvesting malware on point-of-sale systems over the holiday shopping season. The result was the loss of 40 million card numbers and one of the worst retail data breaches ever.
Subsequent investigations found that Target's corporate management failed to act on warnings issued by the company's network security systems and only moved on the breach when outside investigators noticed suspicious activity. The breach was eventually traced to a network intrusion at a third-party contractor.
In the wake of the attack, Target has axed a number of executives, including CIO Beth Jacobs, who was recently replaced by Homeland Security veteran Bob DeRodes.
"[Steinhafel] held himself personally accountable and pledged that Target would emerge a better company," the company said in a statement. "We are grateful to him for his tireless leadership and will always consider him a member of the Target family."
With Steinhafel stepping down, Target will make CFO John Mulligan interim chief and Roxanne S. Austin will assume chairwoman responsibilities. The company said that Steinhafel will stay with Target as an adviser while the firm looks for permanent CEO and board chair candidates. ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Protection
- Data Theft
- Identity Theft
- Palo Alto Networks