After breach, Target replaces technology chief

NEW YORK — Still pushing to right itself after an enormous data breach last year, Target announced Tuesday that a new chief information officer will oversee the company’s technology team and data security.

The new executive, Bob DeRodes, has held senior technology positions at a variety of companies including Home Depot and Delta Air Lines, and has served as a consultant to several federal agencies, including the departments of Homeland Security, Justice, and Defense, Target said.

The previous head of technology at the retailer, Beth M. Jacob, resigned in March facing questions about whether she had the appropriate training to oversee protection of the company’s computer networks that housed huge amounts of private consumer data.


In addition to appointing Jacob’s replacement, Target announced an accelerated timetable — by early next year — for shifting all of its Redcard debit and credit cards to chip-and-PIN technology, which is widely used in Europe and is considered more secure than cards that rely on magnetic strips. Company executives have been promoting the system industrywide since the breach. Target said it will spend $100 million switching to the new system.

Get Talking Points in your inbox:
An afternoon recap of the day’s most important business news, delivered weekdays.
Thank you for signing up! Sign up for more newsletters here

The company also outlined some of the security measures it has been adapting. It has deployed advanced technology like white-listing, which allows only web traffic that the company knows is innocuous to enter its systems. The company is adding more sophisticated security around its network, including for its payment systems and customer data, which security specialists say the company should have done long ago.

“I believe Target has a tremendous opportunity to take the lessons learned from this incident and enhance our overall approach to data security and information technology,” Gregg Steinhafel, Target’s chief executive, said in a statement.

On Dec. 19, just days before Christmas and in the crush of the holiday shopping season, Target acknowledged that credit and debit card information for 40 million customers had been exposed. A few weeks later, the company said a second batch of information, the personal information of some 70 million people, had been compromised as well. The company has since said it believes there is overlap of at least 12 million people between the two groups. Company executives have said that news of the breach significantly hurt traffic and sales, and the company’s earnings underscored that fact. Target’s fourth-quarter profits were down 46 percent compared with the same period the year before.

During that quarter, the company said, it spent $61 million on breach-related expenses, and executives said they expected the costs to continue.


Several other companies, including retailers and a hotel company, have also been hacked in recent months.

Data breaches at Neiman Marcus and the arts and crafts retailer Michaels have been committed by the same band of criminals in Eastern Europe that infiltrated Target, according to people involved in the investigation, who were not authorized to speak publicly.