* CIO Jacob first top executive to leave after data breach
* Target to look externally for replacement, CEO says
* Company will also create role of chief compliance officer
By Aditi Shrivastava and Maria Ajit Thomas
March 5 Target Corp announced an
overhaul of its information security practices and the
resignation of its chief information officer as the retailer
tries to reassure customers and investors after a massive data
breach late last year.
CIO Beth Jacob is the first high-level executive to leave
the company following the breach, which led to the theft of
about 40 million credit and debit card records and 70 million
other records of customer details.
Jacob, who comes from a sales background and has been CIO
since 2008, will be replaced by an external hire, Target said in
an email to Reuters on Wednesday.
"It's a decision that should have been made by the CEO on
Jan. 1, not through the resignation of an employee that
overlooked critical weakness in the operating model," Belus
Capital Advisors CEO Brian Sozzi said.
The breach at Target was the second largest at a U.S.
retailer, after the theft of more than 90 million credit cards
over about 18 months was uncovered in 2007 at TJX Cos Inc
, operator of the T.J. Maxx and Marshalls chains.
Hacking has become a major concern for retailers in the
United States. In the latest reported breach, beauty products
retailer and distributor Sally Beauty Holdings Inc said
on Wednesday its network had been hacked but no card or customer
data appeared to have been stolen.
Target Chief Executive Gregg Steinhafel said the company
would elevate the role of chief information security officer as
part of its plan to tighten its security.
The company will also look externally to fill that position
as well as the new position of chief compliance officer.
Steinhafel said Target would be advised by security
consultant Promontory Financial Group as it evaluates its
technology, structure, processes and talent.
"I believe this is definitely a measure in restoring faith
and really showing that they are taking the breach seriously,"
Heather Bearfield, who runs the cybersecurity practice for
accounting firm Marcum LLP, told Reuters.
Target, the third-largest U.S. retailer, said last week
customer traffic had started to improve this year after falling
significantly toward the end of the holiday shopping season when
news of the cyber attack spooked shoppers.
Target shares were down 1.2 percent at $60.57 in afternoon
trading on the New York Stock Exchange.