NEW YORK (AP) — Target’s massive data breach has now cost the company’s CEO his job.
Target announced Monday that Chairman, President and CEO Gregg Steinhafel is out nearly five months after
the retailer disclosed the breach, which has hurt its reputation among customers and hammered its
business.
Experts say his departure marks the first CEO of a major corporation to resign in the wake of a data
breach and underscores how CEOS are now becoming more at risk in an era when such breaches have become
common.
The nation’s third-largest retailer said Steinhafel, a 35-year veteran of the company and CEO since 2008,
has agreed to step down, effective immediately. He also resigned from the board of directors.
The departure suggests the company is trying to start with a clean slate as it wrestles with the fallout
from hackers’ theft of credit and debit card information on tens of millions of customers. The company’s
sales, profit and stock price have all suffered since the breach was disclosed.
A company spokeswoman declined to give specifics on when the decision was reached. But in a statement
issued Monday, the board said that that after extensive discussions with Steinhafel, they both “have
decided it is the right time for new leadership at Target.”
The company’s stock fell more than 3 percent Monday morning.
Target, based in Minneapolis, said Chief Financial Officer John Mulligan has been appointed interim
president and CEO. Roxanne S. Austin, a member of Target’s board, has been named as interim nonexecutive
chair of the board. Both will serve in those roles until permanent replacements are named.
Steinhafel will serve in an advisory capacity during the transition. Jim Johnson remains lead independent
director on the board.
“He was the face of the public breach. The company struggled to recover from it,” said Cynthia Larose,
chair of the privacy and security practice at the law firm Mintz Levin. “It’s a new era for boards to
take a proactive role in understanding what the risks are.”
Steinhafel’s tenure has been tested with many challenges, from a weak economy to a proxy fight. The
company, known for its cheap chic clothing and home decor, has seen uneven sales since the recession
ended and has battled a perception that its prices aren’t as low as its rivals.
Under Steinhafel’s leadership, the company has won kudos for expanding into fresh groceries and offered a
5 percent discount to customers who use its branded debit and credit cards. In 2009, he successfully
defended the company against a proxy fight against activist hedge fund manager William Ackman, who was
pushing his own slate of candidates to the board.
But the company recently has been faced with fiercer competition from Amazon.com and Wal-Mart Stores Inc.
Recently, difficulties with expansion in Canada, Target’s first foray outside the U.S., has hurt
profits. But the breach was the biggest black eye on Steinhafel’s tenure.
“Ultimately, too much rained down on Gregg Steinhafel,” said Brian Sozzi, CEO and chief equities
strategist at Belus Capital Advisors. “There was no way he could escape the black vortex of news.”
In March, Target said in it annual report that the breach has spawned dozens of legal actions and said it
can’t estimate how big the financial tab will be. It also acknowledged separately that security software
picked up on suspicious activity after the cyber attack was launched, but the company decided not to
take immediate action because it believed it did not warrant immediate follow-up.
Target’s response since disclosing the breach has included free credit monitoring for affected customers
and and overhaul of security systems.
“The last several months have tested Target in unprecedented ways,” Steinhafel wrote in a letter to the
board that was made available to The Associated Press. “From the beginning, I have been committed to
ensuring Target emerges from the data breach a better company, more focused than ever on delivering for
our guests.”
The board said it has hired consultant Korn/Ferry International to search for a new CEO.
Steinhafel’s departure comes two months after the company announced that Chief Information Officer Beth
Jacob resigned. Last week, Target named Bob DeRodes, who has 40 years of experience in information
technology, as its new chief information officer.
Target said it is continuing its search for a chief information security officer and a chief compliance
officer.
Target also said last week that MasterCard Inc. will provide its branded credit and debit cards with a
more secure chip-and-PIN technology next year. That will make Target the first major U.S. retailer to
have store cards with this technology.
Steinhafel has faced increasing pressure since it was revealed on Dec. 19 that a data breach compromised
40 million credit and debit card accounts between Nov. 27 and Dec. 15. Then on Jan. 10, the company said
hackers also stole personal information — including names, phone numbers as well as email and mailing
addresses — from as many as 70 million customers.
The company’s board has been meeting with Steinhafel monthly instead of quarterly to oversee Target’s
response to the breach.
When the final tally is in, Target’s breach may eclipse the biggest known data breach at a retailer, one
disclosed in 2007 at the parent company of TJ Maxx that affected 90 million records.
Target reported in February that its fourth-quarter profit fell 46 percent on a revenue decline of 5.3
percent as the breach scared off customers.
Target’s sales have been recovering as more time passes, but it expects business to be muted for some
time. It issued a profit outlook for the current quarter and full year that missed Wall Street estimates
because it faces hefty costs related to the breach.
Target’s shares have been volatile and are down 2.5 percent since the breach was disclosed. Shares fell
$1.95 to $60.06 in early afternoon trading.
