Target announces departure of CEO after data breach

Gregg Steinhafel has been steering the company through tough times, but will soon be replaced

When bad things happen to big companies, a big name firing is practically an inevitability. In the case of the Target data breach, it’s CEO Gregg Steinhafel. The company’s board of directors released a statement Monday morning announcing the departure of Steinhafel, though it’s not clear whether he resigned or if he was terminated. While his positions as CEO and Chairman will be filled by others, he will stay on temporarily in an “advisory capacity” until the transition is complete.

In the meantime, CFO John Mulligan will act as interim CEO while Roxanne S. Martin, a current board member, will serve as non-executive Chair of the board.

Steinhafel has been with Target for 35 years, so this isn’t just a simple swap out. The data breach was a big ass deal, compromising the information of 70 million customers, including names, mailing addresses, phone numbers, and email addresses. That’s in addition to stolen card numbers and PINs. The breach took place between November 27 and December 15—taking advantage of one of the busiest shopping weekends of the year.

Compromised card swipers were the main culprit, which means only in-store shoppers were affected. Target reported a massive 46% drop in net profit during the fourth quarter, which is the critical holiday quarter for retailers. The company also funneled $61 million away in costs related to the breach.

Interestingly, while shares had dropped some 16% between November and February, they were just starting to stabilize again prior to today’s announcement. Shares closed at $62 on Friday (they were at $63.55 on December 18, 2013), but they dropped 3% Monday morning.

Steinhafel actually seemed to be doing quite a bit to help the company navigate the data breach. The company invested $5 million in a cyber security coalition and has since announced that as of this September, it would switch the Target-branded REDcard to a “chip and pin” card. “Chip and pin” cards are pretty standard throughout Europe and are considered much more secure than U.S. credit and debit cards. The move, which will cost the company $100 million, makes Target one of the first major U.S. retailers to make the switch.

Additionally, last week the company announced the appointment of Bob DeRodes as Target’s new Chief Information Officer and EVP. DeRodes—who has over 40 years of experience with the U.S. Department of Homeland Security, the U.S. Secretary of Defense, and the U.S. Department of Justice—will oversee Target’s technology team and operations. So it sounds like Target is literally waging a war against cyber crime. The company is still on the hunt for a chief information security officer and a chief compliance officer.

The statement notes that in terms of the data breach, Steinhafel “held himself personally accountable and pledged that Target would emerge a better company. We are grateful to him for his tireless leadership and will always consider him a member of the Target family.”

Image source: target.com