Earlier this week, former Target Corp. CEO Gregg Steinhafel resigned after “extensive discussions” with the board of directors. Steinhafel’s resignation stems primarily from Target’s failure to prevent a data breach this past holiday season that compromised 40 million credit card numbers and 70 million addresses, phone numbers, and other personal information. Prior to stepping down, Steinhafel, 59, was with Target for 35 years. He started as a merchandise trainee, and worked his way up to CEO in 2008 and chairman in 2009.
Reports indicate that Target ignored warnings from its hacker-detection tools, thus missing an opportunity to prevent the attack before it could claim the personal information of so many. For example, Bloomberg Businessweek published an article in March stating that on November 30, Target’s cybersecurity system notified Target’s headquarters of questionable activity, yet the company stood by and did nothing. Since disclosing the breach on December 18, Target has admitted that its sales have fallen. Target’s profit for the holiday shopping season fell 46 percent from the same quarter the year before. Analysts are predicting a 12% drop in first quarter earnings. Additionally, the breach resulted in a downgrade of the company’s credit rating, and more than 90 lawsuits have been filed, citing the breach as a cause of action.
The writing has been on the wall that heads would roll. The first to go was CEO Gregg Steinhafel. Other executives and directors must take a cue from Steinhafel’s departure, understand the gravity of cybersecurity, and ensure that they take proactive measures to prevent an attack. Otherwise, they, like Steinhafel, may find themselves on the chopping block.