Target Names New CIO

Still recovering from the aftermath of last fall's data breach, Target Corp. has hired a new technology leader and shared details on additional security enhancements, including plans to incorporate MasterCard chip-and-PIN technology across its REDcard portfolio.

Effective May 5, Bob DeRodes will lead Target’s information technology transformation as executive vice president and chief information officer. In his role, DeRodes will assume oversight of the Target technology team and operations, with responsibility for the ongoing data security enhancement efforts as well as the development of Target’s long-term information technology and digital roadmap. The company is continuing its active search for a chief information security officer and a chief compliance officer.

“Establishing a clear path forward for Target following the data breach has been my top priority," said Gregg Steinhafel, Target chairman, president and CEO. "I believe Target has a tremendous opportunity to take the lessons learned from this incident and enhance our overall approach to data security and information technology. Bob’s history of leading transformational change positions him well to lead our continued breach responses and guide our long-term digital strategy.”

DeRodes comes to Target with more than 40 years of experience and is a recognized leader in information technology, data security and business operations. He has been a senior information technology advisor for the Center for CIO Leadership, the U.S. Department of Homeland Security, the U.S. Secretary of Defense, and the U.S. Department of Justice. In addition, DeRodes has provided independent advisory services to corporations, private equity firms and boards. DeRodes has also held top technology positions at a number of industry-leading, multinational companies including CitiBank, USAA Federal Savings Bank, First Data, Home Depot and Delta Air Lines. He also serves on the board of directors for NCR Corporation.

“I look forward to helping shape information technology and data security at Target in the days and months ahead," DeRodes said. "It is clear to me that Target is an organization that is committed to doing whatever it takes to do right by their guests."

Target’s Technology Enhancements

• Since the initial confirmation of the data breach, Target has shared that there has been an active investigation. During that time, the company has taken significant actions to further strengthen security across the network:
• Enhancing monitoring and logging
• Implementation of additional rules, alerts, centralizing log feeds and enabling additional logging capabilities
• Installation of application whitelisting point-of-sale systems
• Implementation of enhanced segmentation, including development of point-of-sale management tools, review and streamlining of network firewall rules and development of a comprehensive firewall governance process
• Reviewing and limiting vendor access
• Enhanced security of accounts

Target also announced a significant new initiative as part of the company’s accelerated transition to chip-and-PIN-enabled REDcards. Beginning in early 2015, the entire REDcard portfolio, including all Target-branded credit and debit cards, will be enabled with MasterCard’s chip-and-PIN solution. Existing co-branded cards will be reissued as MasterCard co-branded chip-and-PIN cards. Ultimately, through this initiative, all of Target’s REDcard products will be chip-and-PIN secured.

Earlier this year, Target announced an accelerated $100 million plan to move its REDcard portfolio to chip-and-PIN-enabled technology and to install supporting software and next-generation payment devices in stores. The new payment terminals will be in all 1,797 U.S. stores by this September, six months ahead of schedule. In addition, by early next year, Target will enable all REDcards with chip-and-PIN technology and begin accepting payments from all chip-enabled cards in its stores.

“Target has long been an advocate for the widespread adoption of chip-and-PIN card technology,” said John Mulligan, executive VP and CFO for Target. “As we aggressively move forward to bring enhanced technology to Target, we believe it is critical that we provide our REDcard guests with the most secure payment product available. This new initiative satisfies that goal.”

Further, Target has joined the Financial Services Information Sharing & Analysis Center (FS-ISAC), a non-profit private sector initiative developed by the financial services industry to help facilitate the detection, prevention and response to cyber attacks and fraud activity. This step reflects the company’s continued commitment to shared responsibility between retailers and financial institutions with a focus on strengthening protections for American consumers.

The company also continues to voice support for responsible policy measures that help further enhance security for consumers, including supporting a national notification standard for all data breaches.

Minneapolis-based Target Corp. operates 1,924 stores in the United States and Canada.