Almost six months after a hacker collective breached Target’s cyberdefenses and made off with millions of customers’ personal data, Target CEO Gregg Steinhafel has chosen to resign, effective immediately.
Target’s lengthy official statement on the matter is full of those standard-issue statements that usually accompany an executive departure (“The board is deeply grateful to Gregg for his significant contributions and outstanding service,” and so on), except for the one portion that hints at Steinhafel assuming responsibility for the attack: “Most recently, Gregg led the response to Target’s 2013 data breach. He held himself personally accountable and pledged that Target would emerge a better company.”
By the time Target identified and shut down the vulnerability in its IT systems, attackers had made off with customers’ names, credit- and debit-card numbers, card expiration dates, and the highly sensitive security codes that allow customers to make online purchases. Even if the attack hadn’t coincided with the busiest shopping period of the year, its high profile pretty much ensured that heads would roll among Target’s executives—and roll they did, starting with the company’s CIO, who resigned in early March.
In the wake of the breach, Target also hired a Chief Information-Security Officer (CISO) to oversee technical and operational security issues, in addition to a Chief Compliance Officer (CCO) responsible for risk-assurance analysis and the company’s compliance with federal financial reporting regulations. The new CIO and CEO will, presumably, spend a considerable portion of their time on information security.
If there’s a silver lining to Target’s troubles, it’s that news of the breach has led to more companies investing in IT security personnel and infrastructure. At the same time, however, the departure of Target’s senior executives is a tense reminder that a massive breach can cost anyone their job: hacking isn’t a problem limited to your IT department.
- Target Hack Suggests Era of Big Data Breaches is Upon Us
- Target Admits 110 Million Victims in Data Breach, Not 40 Million
- The Next Big Data Arena: Fraud Prevention