Jacob was CIO since 2008, and had a work-your-way up story, having first joined the company in 1984 as a lowly assistant buyer. But she was at the helm during the breach, and presumably took responsibility for the poor security practices that led to the breach.
The retail giant saw 110 million in-store customers compromised by a widespread point-of-sale (PoS) hack during the busy holiday shopping season, with credit card info and other personal details lifted by the BlackPOS malware that was somehow uploaded from a central server. Target confirmed that the server itself was compromised by a third party using stolen credentials, likely taken from Fazio Mechanical Services, a provider of refrigeration and HVAC systems for retailers and other businesses. Fazio is thought to have fallen prey to a social engineering-based email attack. A lack of proper network sequestration allowed the attackers to progress from there, researchers said.
Target CEO Gregg Steinhafel said in a statement that it is revamping its information security practices. “While we are still in the process of an ongoing investigation, we recognize that the information security environment is evolving rapidly,” he said in a statement. “To ensure that Target is well positioned following the data breach we suffered last year, we are undertaking an overhaul of our information security and compliance structure and practices at Target.”
For one, the big-box store will hire a new chief information security officer and create a brand-new position: chief compliance officer.
Steinhafel said the company is also looking externally for an interim chief information officer to “guide Target through this transformation.”
Security consultant Promontory Financial Group will be advising Target as it goes through its security overhaul.