Target (NYSE: TGT) took one step closer to rebuilding its IT team with the addition of Bob DeRodes as EVP and CIO, effective May 5. DeRodes will assume oversight of the Target technology team and operations, with responsibility for the ongoing data security enhancement efforts as well as the development of Target's long-term IT and digital roadmap.
There's a long road ahead for DeRodes, and Target, as the retailer works to bolster security, implement a new payments program and restore shopper trust, following the data breach that compromised payment and personal data of more than 70 million shoppers during the holiday season.
"Establishing a clear path forward for Target following the data breach has been my top priority. I believe Target has a tremendous opportunity to take the lessons learned from this incident and enhance our overall approach to data security and information technology. Bob's history of leading transformational change positions him well to lead our continued breach responses and guide our long-term digital strategy," said Gregg Steinhafel, Target president and CEO.
DeRodes is a high profile pick. He has advised the U.S. Department of Homeland Security, the Department of Justice and the Secretary of Defense. During his more than 40 years of experience he held top technology positions at a number of companies including CitiBank, USAA Federal Savings Bank, First Data, Home Depot and Delta Air Lines.
Beth Jacobs, Target's previous CIO resigned in early March. Target is still actively searching for a chief information security officer (CISO) to realign oversight of critical IT security functions. It's a new role within the retailer. Before the data breach, information security functions at Target were shared among a variety of executives and it helps to explain some of what happened last fall.
Target also said it is implementing MasterCard chip-and-PIN technology in its branded credit and debit cards and is on track to have new payment terminals installed in stores this fall. By early 2015, Target will be able to accept chip-and-PIN payments from all of its Target branded REDcard credit and debit cards. Existing Target Visa cards will be reissued as MasterCard co-branded chip-and-PIN cards.
It's an ironic turn of events for Target, which tried to implement chip-and-PIN cards in 2004, but abandoned the program. Target claimed that adoption rates were lagging and it could no longer justify the program's $40 million price tag (by contrast, the breach has cost banks $153 million). Since Target's data breach was discovered in December, the company has spent $5 million to support a new cybersecurity coalition that will educate the public on the dangers of cybercrime and phishing scams. Target is also footing the bill for one year of credit monitoring and identity theft protection for shoppers potentially affected by the breach.
-See this Target press release
Target: Timeline of a data breach
Target's data breach is a story with long legs
Target breach: Heating vendor confirmed as hackers' entry point
Target to install chip and PIN card readers, says that only 25 registers were to blame for massive breach
The story of how Target had chip and PIN cards, but failed to keep them