The data breach was the last straw for Target Corp. Chief Executive Officer Gregg Steinhafel.
After last year’s hacker attack compromised the personal data of millions of shoppers and added to the retail chain’s woes, the board replaced Steinhafel as chairman and CEO today, saying the time was right for new leadership. John Mulligan, Target’s chief financial officer, will serve as interim CEO while the company seeks a permanent chief, according to a statement. Board member Roxanne Austin, a former DirecTV executive, will be interim chairwoman.
Steinhafel, a 35-year Target employee, was already under scrutiny for lagging rivals in e-commerce and overseeing a Canadian expansion that lost almost $1 billion last year. The pressure mounted over the holiday season, when hackers overcame Target’s defenses and stole shoppers’ personal information.
“Failure isn’t one big mistake -- failure is lots of small mistakes that added up to a big mistake,” said Les Berglass, founder and CEO of Berglass & Associates, a New York-based executive-search firm.
Bloomberg Businessweek reported in March that Target had ignored warnings from its hacker-detection tools, missing an opportunity to stop the attack sooner. The breach compromised 40 million credit card numbers -- along with 70 million addresses, phone numbers and other pieces of information.
After the attack became public in December, Target’s reputation and foot traffic took a hit. The Minneapolis-based company’s U.S. comparable-store sales decreased 2.5 percent in the fourth quarter. Target replaced its top technology executive in the wake of the breach.
“They need some fresh blood at the top that can facilitate some change,” Joe Feldman, a New York-based analyst at Telsey Advisory Group, said in an interview on Bloomberg Television. “They wanted to clear the slate.”
The breach was one of several headaches for the once-thriving retail chain. Target is facing more competition from e-commerce rivals such as Amazon.com Inc., and it’s been slow to move into small-format stores, an area where Wal-Mart Stores Inc. is accelerating its efforts. With more than 1,900 stores in North America, Target ranks as the second-largest U.S. discount retailer, behind Wal-Mart.
Target is slated to report its latest quarterly results this month. The company’s annual shareholder meeting also is coming up, and Target may have wanted to ward off investor complaints, Feldman said.
“They’re hearing investor calls for a new change at the company,” he said.
Still, Steinhafel’s abrupt exit sent Target shares down 3.5 percent to $59.87 at the close in New York, erasing about $1.4 billion of market value. The stock has declined 15 percent in the past year.
In March, Target told a Senate panel that it had clues about the attack weeks before responding and was exploring why it took so long to react. Sometime after intruders entered Target’s systems on Nov. 12, their activities were detected and evaluated by security professionals, according to remarks Mulligan submitted to the panel. The company was later alerted to suspicious activity by the U.S. Justice Department, leading to an internal investigation that confirmed a breach on Dec. 15.
“We are asking hard questions about whether we could have taken different actions before the breach was discovered that would’ve resulted in different outcomes,” Mulligan said at the time. “In particular, we are focused on what information we had that could have alerted us to the breach earlier; whether we had the right personnel in the right positions; and ensuring that decisions related to operational and security matters were sound.”
Several senators criticized Target’s management for not reacting sooner to the early warnings. The Senate Committee on Commerce, Science and Transportation, which prepared a report ahead of the hearing, found that Target appeared to have missed opportunities “to stop the attackers and prevent the massive data breach.”
The board said today that Steinhafel held himself personally accountable for the breach and “pledged that Target would emerge a better company.” Steinhafel, who had been CEO since 2008, will remain an adviser to the retailer during the transition.
When Steinhafel was rising up through Target’s merchandising ranks, he played a key role in helping the chain differentiate itself from Wal-Mart. In the early 1990s, he revamped its selection, forged partnerships with well-known designers and focused on higher-income shoppers.
In recent years, the company has suffered missteps, including the push into Canada. Canadians, who for years had shopped at Target just over the border in the U.S., have been disappointed that prices at the new stores are higher. Local competitors also cut their prices to make Target’s entry more difficult. The operation lost $941 million before interest and taxes in 2013, reducing the year’s profit by $1.13 a share.
“They need some new leadership in there,” said Brian Yarbrough, an analyst at Edward Jones in St. Louis. “The U.S. has been struggling, the Canadian expansion has been a disaster, and then you throw in the data breach.”
As part of his departure, Steinhafel is entitled to severance payments, Target said in a separate filing today. According to the company’s proxy statement last year, the executive was eligible for about $9.26 million if he left voluntarily and about $26.6 million if it was involuntary but not for cause.
The company also has hired the recruitment firm Korn Ferry to advise the board. Target will probably seek candidates with a retail background, Feldman said. He sees HSN Inc. CEO Mindy Grossman, Victoria’s Secret CEO Sharen Turney and Bon-Ton Stores Inc. CEO Brendan Hoffman as possibilities.
CtW Investment Group, a union-backed pension-fund firm, called on Target to keep the chairman and CEO roles separate following Steinhafel’s departure. The group, a Target shareholder, argues that a strong independent chairman would help the board keep a closer watch on data security.
“The board needs now to take bold steps to address the leadership crisis, which last year’s data breach so painfully revealed,” Etelvina Martinez, CtW’s corporate governance manager, said in an e-mailed statement. “For this reason, we expect the interim separation of these two important roles to become a permanent one.”
Target isn’t the only retailer to have its systems attacked in the past year. Luxury department-store chain Neiman Marcus Group Ltd. said in January that about 1.1 million credit cards may have been compromised in a data breach. Days later, arts-and-crafts retailer Michaels Stores Inc. said some customer payment-card data may have been used fraudulently.
To tighten security, retailers are upgrading their systems to comply with a chip-based smart-card standard known as EMV -- named for Europay-MasterCard-Visa, the companies that first backed the technology. Credit card networks have set an October 2015 deadline for most U.S. merchants to upgrade their payment systems.
Target also hired a new technology chief last month: Bob DeRodes, a former adviser for the Department of Homeland Security, the Justice Department and the Secretary of Defense. He replaced Beth Jacob as chief information officer, following her departure in March. In addition, the company named MasterCard Inc. as the processor for the more secure house-brand credit and debit cards that it plans to introduce next year.
A new CEO will have to build on what Target is doing right, while bringing “a fresh perspective,” Yarbrough said.
“You don’t want someone new who comes in and makes a bunch of wholesale changes,” he said.