Surprised no one's mentioned this, but Target's gigantic data breach last winter claimed its highest-profile victim to date earlier today. Company president and CEO Gregg Steinhafel resigned this morning--in effect, taking responsibility for one of the largest data breaches in retail history.
The company’s board made the announcement, saying that the resignation of Mr. Steinhafel, who had been with Target for 35 years, occurred after extensive discussions and that the board wanted new leadership.This move comes almost two months after Businessweek reported that Target's cybersecurity team had enough information to stop the massive leakage of 40 million credit card numbers and 70 million other pieces of personal information before it started--and did absolutely nothing. At a Senate committee hearing last month, Jay Rockefeller and Richard Blumenthal blamed Target's senior executives for the breach.
Known for promoting up through the ranks, the major retailer, one of the country’s largest, said it would conduct a search for Mr. Steinhafel’s successor. In the interim, it named John Mulligan, Target’s chief financial officer, to be president and chief executive, while Roxanne S. Austin, a Target board member, will serve as nonexecutive chairwoman.
“The last several months have tested Target in unprecedented ways,” Mr. Steinhafel said in a letter to the board. “We have already begun taking a number of steps to further enhance data security, putting the right people, processes and systems in place.”
Target has been taking a beating for reasons unrelated to the breach, such as inventory problems and a snafu-filled Canadian expansion. But from the looks of it, Steinhafel may have survived if not for the fallout from the data breach. According to analyst Faye Landes, investment into cybersecurity is ultimately the CEO's responsibility. The AP reports that Steinhafel is the first boss of a major company to be pushed out for a cybersecurity fail.
By falling on his sword, Steinhafel at least showed enough integrity to take responsibility for the breach. In this respect, he looks a lot better than JPMorgan Chase's Jamie Dimon, who by all rights should have resigned after Chase essentially admitted that it knew it had a criminal customer in Bernie Madoff and did nothing. Still, this isn't quite enough to make me come back to Target any time soon except in an absolute emergency.