Target's chief information officer is hanging it up. Beth Jacob is resigning effective Wednesday in the wake of a massive data breach that left a smear on the company's brand and a dent in its profits, according to The Associated Press.
The Target breach led to the theft of 40 million credit and debit card accounts in transactions that occurred from Nov. 27 to Dec. 15. But the data theft took a heavier toll on the retailing giant's customers, affecting about 45.7 million shoppers in 2005. KrebsOnSecurity broke the news last month that at the heart of the costly breach were network credentials stolen from a third-party vendor.
Nevertheless, it appears Jacob is taking the fall.
"Target Chairman, President and CEO Gregg Steinhafel said in a statement released to The Associated Press that the company will search for an interim chief information officer who can help guide the company through the transformation. Jacob had been in her current role since 2008 and oversaw teams in the U.S. and India," the AP reported.
What Really Happened?
Target isn't the only retailer to see a breach recently. Neiman Marcus said after Target's problems became public that it, too, may have been breached. And just Wednesday Sally Beauty Holdings responded publicly to rumors of a systems breach.
"Recently, our systems detected an attempted intrusion into our Sally Beauty Supply LLC network, and we believe we promptly mitigated potential issues arising from this intrusion," the company said in a statement. "As a result of our ongoing investigation, which included assistance from a top-tier security firm, we have no reason to believe there has been any loss of credit card or consumer data. We will continue to investigate and actively monitor this situation."
We caught up with Chester Wisniewski, senior security adviser at Sophos, to get his thoughts on the Target CIO resignation and the Sally Beauty Supply breach. Although he had no comment on Target, he told us details on the Sally breach were scant. That, he said, makes it hard to know what happened.
Would Chip Tech Help?
"It would be a reasonable conclusion that something similar to what happened at Neiman Marcus and Target occurred at Sally Beauty Supply," Wisniewski said. He went on to point out how susceptible American retailers are to this type of attack due to the lack of chip technology in credit cards used in the U.S.
In fact, he's not so sure retailers are 100 percent to blame for the rash of data breaches lately.
"While retailers certainly have a responsibility to customers and shareholders to prevent this type of theft, the best way to solve the problem is to stop using 16 digits as if they are a secret code that unlocks people's bank accounts," Wisniewski said. "The card industry itself has at least as much responsibility for resolving this problem as the merchants."