There aren’t many companies with a bigger bunker mentality than Target, so it’s unlikely we’re ever going to get the story behind today’s announcement that president and CEO Gregg Steinhafel has left the company in the wake of last fall’s big data breach.
Steinhafel has “resigned,” which is corporate speak for “he was fired” but in the world of the Forbes 500, we can’t know why. He’s also “resigned” from the board of directors, which presumably is the group that told him he was resigned.
Beth Jacob, the company’s chief information officer, resigned in March saying “it’s time for a change,” which is corporate speak for “she was fired.”
Up to now, people outside the Target didn’t know much about Steinhafel, other than he was hideously into “branding” when taping his various apologies for the data breach.
So what happened here? Presumably neither Jacob, nor Steinhafel directly managed the servers that were infiltrated by the hackers.
The answer might be in a February Wall St. Journal article which said Steinhafel managed the crisis into looking “worse than it really was,” a neat trick considering the fact it really was quite bad.
How did he do that? By telling the public the truth, apparently.
The initial evidence had indicated that credit and debit card numbers of about 40 million Target customers had been stolen. But the retailer had learned later that hackers gained access to partial names and physical or email addresses for as many as 70 million people—a breach that some top executives counseled against disclosing because it was unclear what kind of fraud danger it posed.
Nevertheless, Mr. Steinhafel insisted on making the bigger number public, sparking news reports that as many as 110 million Target customers had been affected.
At the meeting, Chief Marketing Officer Jeffrey Jones groused about the huge number. The public “keeps hearing that equals one third of all Americans,” he said. “That’s hammering us.”
Mr. Steinhafel says he has no regrets about the aggressive disclosure and other costly decisions in the wake of the crisis. “Target won’t be defined by the breach, but how we handle the breach,” he says.
Steinhafel also proposed offering free credit reports and credit monitoring for one year for all of its customers. That apparently didn’t go over big among other company executives, according to the Journal.
Perhaps we should’ve seen Steinhafel’s demise coming when an executive appeared before Congress in March and revealed the company failed to heed warnings from its Bangalore I.T. team that a breach was underway. It took the Justice Department telling Target data was being stolen for the company to act, Bloomberg reported.
What it hasn’t publicly revealed: Poring over computer logs, Target found FireEye’s alerts from Nov. 30 and more from Dec. 2, when hackers installed yet another version of the malware. Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn’t begun transmitting the stolen card data out of Target’s network. Had the company’s security team responded when it was supposed to, the theft that has since engulfed Target, touched as many as one in three American consumers, and led to an international manhunt for the hackers never would have happened at all.
Target’s congressional testimony in March was the first time a Target executive answered questions about the data theft in a public setting. But Steinhafel wasn’t the one empowered to reveal that bombshell. That was done by chief financial officer John Mulligan.
Now, Mulligan has been named to replace Steinhafel.
Steinhafel will be OK. He pulled almost $29 million in compensation from Target last year, and he owns almost $34 million worth of Target stock.
“There is a lot that has gone wrong at TGT over the past few years, and it is critical that the company looks for an outsider to come in, and revisit several strategic mistakes. This is a company that continues to have a great, if tarnished brand, tremendous supply chain, albeit an e-commerce business that is far behind where it needs to be at this point in its online growth strategy,” they wrote in a note to clients, according to CNBC.