Target seeks to realign security and IT, seeks CISO

Target (NYSE: TGT) is looking to fill critical IT roles following the resignation of CIO Beth Jacob, as it seeks to overhaul security and IT in the wake of its massive data-breach.

Hackers gained access to 40 million credit and debit card accounts and personal information on more than 70 million additional shoppers in November and December of last year, in what could be the largest security breach at a retailer to date.

Jacobs resigned March 5, and Target CEO Gregg Steinhafel said the company is looking for someone to act as interim CIO. The retailer is also looking for a chief information security officer (CISO) and will realign oversight of critical IT security functions. Target is looking outside the company for the CISO and a chief compliance officer.

Before the breach, information security functions at Target were shared among a variety of executives. Responsibilities and oversight will now be realigned and the new CISO will centralize those responsibilities, said the company. The current VP of assurance risk and compliance had plans to retire at the end of March and Target will separate the responsibility for assurance risk and compliance, according to an AP report.

The fact that Target didn't have a CISO prior to the incident helps explain why some of what went wrong, did. It harkens back to the massive data breach suffered by Sony in April 2011. Sony didn't have a CISO either before hackers gained access to personal information across three networks, including for 77 million users of Sony's PlayStation Network and Qriocity services, and an additional 25 million users of Sony Online Entertainment. The breach forced Sony to shut down its PlayStation Network for weeks.

Target continues to suffer from the prolonged negative effects of the breach. Target's customer traffic in January, online and in stores, hit its lowest point in three years: 33 percent of U.S. households shopped at Target in January, compared with 43 percent in January 2013, according to consulting group Kantar Retail.

Target is also working with an outside adviser, Promontory Financial Group, to help it evaluate its technology, structure, processes and talent as part of the overhaul, said AP. Target has accelerated a $100 million effort to roll out chip-and-PIN based credit card technology.

For more:
-See this Associated Press article

Related stories:
Target customer visits decline sharply in the wake of breach
Target: Timeline of a data breach
Target's data breach is a story with long legs
Target breach: Heating vendor confirmed as hackers' entry point
Target to install chip and PIN card readers, says that only 25 registers were to blame for massive breach
The story of how Target had chip and PIN cards, but failed to keep them