Target (NYSE: TGT) is moving forward from its massive data breach with the addition of a new CIO. The company announced today that Bob DeRodes, who has advised the U.S. Department of Homeland Security, the Department of Justice and the Secretary of Defense, will become CIO on May 5.
Target's previous CIO departed from the company in early March amid the retailer's recovery from the cyber attack that compromised payment data of more than 70 million Target shoppers during the holidays. While the top information post has been filled, Target is still actively searching for a chief information security officer and a chief compliance officer to round out its data security team.
DeRodes comes to Target with more than 40 years of experience and is a recognized leader in information technology, data security and business operations. The security exec has held top technology positions at a number of multinational companies including CitiBank, USAA Federal Savings Bank, First Data, Home Depot and Delta Air Lines.
Target also said today it is implementing MasterCard chip-and-PIN technology in its branded credit and debit cards. By September, new payment terminals will be installed in stores, and by early 2015, Target will be able to accept these payments from all of its Target branded REDcard credit and debit cards. Existing Target Visa cards will be reissued as MasterCard co-branded chip-and-PIN cards.
Target's history with chip-and-PIN cards dates back to 2004, when the company halted a three-year pilot program that would have made it the first retailer to implement the technology. Target said then that customers didn't see the benefits of the cards and the program's $40 million price tag was too much (by contrast, the breach has cost banks $153 million). PIN-based cards are equipped with both an embedded chip and a traditional magnetic stripe. Cardholders must enter their PIN or sign for each transaction to be approved. If the card is stolen, the embedded microchip makes the card extremely difficult to counterfeit or copy.
Since Target's breach was uncovered in December, the company has spent $5 million to support a new cybersecurity coalition that will educate the public on the dangers of cybercrime and phishing scams. Target has also hired Experian to provide its ProtectMyID credit monitoring and identity theft protection service to any Target customer who shopped in one of its U.S. stores.
In February, investigators confirmed that the data breach was linked to a hacker who gained access using the stolen security credentials of a Pennsylvania-based heating and refrigeration contractor that services Target stores.
-See this Target press release
Target: Timeline of a data breach
Target's data breach is a story with long legs
Target breach: Heating vendor confirmed as hackers' entry point
Target to install chip and PIN card readers, says that only 25 registers were to blame for massive breach
The story of how Target had chip and PIN cards, but failed to keep them