Target defends pre-breach actions

In advance of its shareholder meeting, Target (NYSE:TGT) is forming a defense against activist shareholders interested in making changes to the board of directors.

Institutional Shareholder Services, a shareholder advisory group, claims that Target's directors did not deserve to be re-elected because they had not provided adequate risk oversight before the breach that compromised the data of more than 70 million Target shoppers.

"Breaches are occurring across the economy and are affecting a wide range of victims including the U.S. government, the technology and defense industries and more traditional companies, like retailers," reads a letter from Target to shareholders, according to The New York Times. "Your board fully recognizes the importance of its oversight responsibilities in this area. Under the board's leadership and oversight, Target took significant action to address evolving cybercrime risks before the breach."

This contradicts Target's own account of the event. In early March, the company confirmed it had failed to act on early warnings of malicious activity during its massive data breach. "With the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different," company spokeswoman Molly Snyder said in a statement.

The early warnings came from Target's own $1.6 million security system called FireEye, which allegedly sent alerts that failed to get any response. According to an independent review, if Target's security team had taken action after the earliest FireEye alerts, it could have thwarted the cyber attack.

According to Target, however, these alerts didn't go unnoticed and after an internal investigation, they were dismissed as inconsequential.

Target has certainly been quick to take action following the breach: driving out the CEO who presided over the recent decline, shuffling top executives in multiple departments and aggressively introducing new digital initiatives — like this advisory council — to help get the retailer back on track.

Gone is CIO Beth Jacob, under whose watch the data breach occurred. Gone is CEO Gregg Steinhafel and Tony Fisher, head of Target Canada, the division that lost nearly $1.6 billion its first year.

For more:
-See this New York Times story
-See this Forbes blog post

Related stories:
Target failed to act on security warnings 
Target CMO responds to employee rant
Target CEO Gregg Steinhafel to step down immediately
Target: Timeline of a data breach
Target's data breach is a story with long legs