Target CIO Jacob resigns following data breach

Target CIO Jacob resigns following data breach

Summary: The news about Beth Jacob's departure comes as Target is trying to restore trust in the company's security processes and procedures.

SHARE:
TOPICS: Security
33

Target Chief Information Officer Beth Jacob has reportedly resigned as the company moves to recover from a series of data breaches.

The news, reported by the Associated Press, comes as Target is trying to restore trust in the company's security processes and procedures. Target saw a sales drop off after as many as personal data for as many as 110 million accounts may have been breached.

Jacob had been CIO since 2008. In a recent interview with ZDNet prior to the breaches, Jacob walked through Target's approach to mobile commerce, the in-store experience and ironically how point of sale technology leaves an impression. Target's point-of-sale terminals were at the core of Target's data breach.

Calls are in to Target and we'll update as we hear more. 

So far, the tab for Target's data breach has mostly been covered by insurance. The costs for the fourth quarter were $61 million, but $44 million was covered by insurance.

It's not surprising that Jacob was the one to take the fall. CEO Gregg Steinhafel, who is also under fire amid weaker than expected sales and the data breach, said an interim CIO will be named to work through the transition.

Here's Steinhafel's statement:

While we are still in the process of an ongoing investigation, we recognize that the information security environment is evolving rapidly. To ensure that Target is well positioned following the data breach we suffered last year, we are undertaking an overhaul of our information security and compliance structure and practices at Target. As a first step in this effort, Target will be conducting an external search for an interim CIO who can help guide Target through this transformation.

We will also be elevating the role of the Chief Information Security Officer and hiring externally for this position. Additionally, we will be initiating an external search for a Chief Compliance Officer. We are also working with an external advisor, Promontory Financial Group, to help us evaluate our technology, structure, processes and talent as a part of this transformation.

Previously: Target's data breach tab mostly covered by insurance so far | How hackers stole millions of credit card records from Target | Target hackers hit air-conditioning firm first as a way in | Target's data breach: It gets worse | Many times bitten, retailers scramble to prevent another Target-like meltdown | Visa CEO: We need better security, EMV chips, tokens

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

33 comments
Log in or register to join the discussion
  • Why is i the CIO's fault?

    I get the C-Stack has the most responsibility, but how much impact do C-Level employees really have on the security and quality of any given product? It doesn't surprise me that someone was going to be the one blamed, but I still fail to see why the CIO in particular must be the one responsible. I highly doubt he wrote a line of any of that code for Point of Sales that was compromised.
    veretax@...
    • Perhaps

      Because he chose Microsoft cloud services because it was cheaper?
      Tony Burzio
      • difference between POS [Point of sale] and you..

        is you sire, are really a Piece of S***
        FYI, Target uses internal cloud and is not dependent on microsoit cloud. Microsoft is no way involved in this breach.. Except that HVAC contractors crednetials have been compromised.
        so, shut your holes and go to your cave...
        teeboy75
        • trolling

          You fed the Troll. Shame on you!
          Doug0915
        • Well, actually, Microsoft is perhaps not entirely blameless

          http://www.microsoft.com/en-us/news/press/2011/mar11/03-21targetpr.aspx
          JustCallMeBC
      • What does that have to do with anything?

        POS systems were breached, not Microsoft's cloud services.

        If anything, they were probably infected because the CIO decided to save money by outsourcing its security work.

        It's probably because of an inside-job, that this happened.
        ForeverCookie
      • What

        What is your point. I did not read that they used Microsoft cloud products. If they did what does it matter. Oh wait you are one of the ABMers. Really when it is something like this refrain from commenting you only make yourself look dumb.
        schultzycom
      • Actually Tony, it's more likely because the supplier SHE allowed access

        to their network uses Linux at their shop, which apparently got hacked, so "hello Target credentials!"....
        William.Farrel
    • You are wrong

      Veretax you could not be more wrong. It is the CIOs exact job to ensure information security at target. EXACT JOB! also, its was a SHE not a HE
      yepoksure
    • many it failures at Target

      There were many IT failures at Target that resulted in the breach, the ongoing nature of the breach, undetected data leakage, misappropriation of servers, compromise of POS systems, ... ...

      The CIO is ultimately responsible for all of IT. Many organizations also have a CSO Chief Security Officer or Security Officer but that person reports to the CIO.

      I'd expect others to be freed from Target's payroll although not so publicly advertised and over time not all at once. hey if you interested send your applicatíon they're hiring. :-)
      greywolf7
  • That's what happens

    ....When you have a CIO that knows virtually nothing about I.T. Most of these non-tech companies have shill CIO's that came from marketing, operations or finance. They look at numbers and how to cut costs while in meetings all day. Then, when something goes wrong everyone in the organization is shocked (rolls eyes).
    butter44
    • Site your source, please

      "Most of these non-tech companies have shill CIO's that came from marketing, operations or finance. "

      Says you. Please show us the stats.
      dougpierson@...
      • Demographics

        Other than the questionable use of 'shill' there is no need for 'stats'.
        Given the demographic age of most CEOs today, coming from a pre pc generation, most of them have any other expertise needed in the business world, except in IT. This is common public knowledge, therefore self evident.
        After all the ubiquitous Net that we take for granted as a fact of life was only in its infancy in 1990.
        PreachJohn
      • Better be quick to read it, as it will be removed...

        Here is a link to target listing her basic history.

        http://pressroom.target.com/leadership/beth-m-jacob-228002

        No IT in there anywhere.
        jessepollard
        • re:

          Yep. To quote:

          "Jacob graduated from the University of Minnesota with a bachelor’s degree in retail merchandising in 1984 and a Masters of Business Administration in 1989."

          The dearly departed founder of my company despised having people working for him who were actual professionals at whatever job they were doing, like say software development. He found it difficult to maintain his self image as the smartest person in the room on any subject when they were around, and it was hard to intimidate them into giving him the answers he wanted instead of ones based on reality. His philosophy was that if he just hired "smart" people, they could figure out any minor technical details like how to create a web application. Of course, his definition of a "smart" person was one who recognized that he was the smartest person in the room on any subject. Did I mention that, prior to founding his own company, he used to be the CIO of a large investment house?
          Sir Name
    • Possibly...

      But there is no evidence in this article that was the case here. Unless you know differently it's best to assume she was at least qualified for her job. Presumably not competent enough though.
      MajorlyCool
      • Sir Vote helps out

        See his post:

        "Jacob graduated from the University of Minnesota with a bachelor’s degree in retail merchandising in 1984 and a Masters of Business Administration in 1989."
        harvey_rabbit
  • Sacrificial Lamb or Truly at Fault

    Something says she is a sacrificial lamb offered to protect the CFO or CEO who probably did not approve a badly needed POS system upgrade because of cost. In many non-tech companies the real IT power is the CFO because they are responsible for budgets. CFO tend to view IT as a cost center to be cut not an internal asset to be supported. This the IT budgets are thin and important initiatives never get started because of money. Upgrading the POS system initially looks like a cost to replace a functioning system when in it is an investment in the company.

    What CFO dismally fail at is understanding that certain projects are more likely to save money and protect good-will. These projects do not have conventional ROIs but protect the company from more massive losses in the future. Target's good-will and reputation has been badly tarnished, hurting business. The exact losses in lost sales and increased insurance costs are not easy to calculate.
    Linux_Lurker
    • Exactly

      They would have seen an estimate for new systems for say $2mil and thought that was too expensive and that the systems were fine. Now compare that $2mil vs $64mil in the 4th quarter alone and now that investment doesnt look quite so bad
      tiderulz
      • Honor Among Thieves

        In the same wise the business world more, or rules of engagement, are still extant in our culture, "It happened on my watch.'' "The buck stops at my desk".
        As I developed above, a CEO is not necessarily hands on qualified in IT. Especially pre pc generation ones.
        So IT is farmed out. Ultimately it is the Top Dog's responsibility to ensure competency and efficiency in all Depts.
        She did the honorable thing. Sometimes a costly public gesture that mea culpa is truly assumed by the Organization. And to signify symbolically a change of regime. "In the way things are done around here.".
        Resignation is done to restore confidence in shareholders and customers.
        PreachJohn