Following its recent epic breach, Target has announced that it’s putting its technology through the wringer.
Its CIO, Beth Jacob, has already gone down the drain.
The beleaguered US retailer announced on Wednesday that it’s going to overhaul its information security practices.
At the same time, Target announced that Jacob has resigned – the first high-level executive to leave following a breach over the Christmas holiday shopping season.
That breach led to the theft of some 40 million credit and debit card records, along with another 70 million customer records.
That’s a total of at least 70 million records, given that some of the two data sets may be duplicates. Naked Security took no pleasure in doing it, but given the likely size of the breach, we ushered Target into the "100 million plus" club, along with Adobe and Sony.
Target told Reuters in an email on Wednesday that it plans to replace Jacob with an external hire.
In January, Target admitted that there was malware on its point-of-sale (PoS) registers – what Naked Security’s Paul Ducklin has assumed is a specialized botnet, designed to hook together Target’s PoS registers into a network of data-stealing Trojans under criminal control.
Jacob had her hands on the reins during a time when, it turns out, a thorough security review had been advised by at least one analyst just months before the breach, prior to Target’s planned upgrade of its payment system.
We don’t know if the review actually happened, or whether it was lost in the cacophony of warnings security teams and government agencies constantly put forth.
But the buck, apparently, stopped at Jacob’s desk.
Jacob has already been wiped from Target’s leadership roster, but a cached corporate bio says that she was first hired in 1984 as an assistant buyer.
She went on to become director of Target’s guest contact centers and was promoted to vice president in 2006. In 2008, she was promoted to the position she held when the massive breach went down: executive vice president of Target Technology Services and CIO.
Target Chief Executive Gregg Steinhafel reportedly said that the retailer plans to elevate the role to chief information security officer as part of its plan to tighten security. It’s also creating a new position: chief compliance officer.
Steinhafel said that the security consultant Promontory Financial Group will be advising Target as it evaluates how it’s doing things.
From his statement, as quoted by the Los Angeles Times:
"While we are still in the process of an ongoing investigation, we recognize that the information security environment is evolving rapidly.
"To ensure that Target is well positioned following the data breach we suffered last year, we are undertaking an overhaul of our information security and compliance structure and practices at Target."