Target Appoints New Chief Information Officer and Updates Security Enhancements
Target Corp. announced the company has hired a new technology leader to help guide the company's information technology transformation. Target also provided details on additional security enhancements the company has made following its 2013 data breach, and shared plans to incorporate MasterCard chip-and-PIN technology across its REDcard portfolio.
Effective May 5, Bob DeRodes will lead Target's information technology transformation as executive vice president and chief information officer. In his role, DeRodes will assume oversight of the Target technology team and operations, with responsibility for the ongoing data security enhancement efforts as well as the development of Target's long-term information technology and digital roadmap. The company is continuing its active search for a chief information security officer and a chief compliance officer.
"Establishing a clear path forward for Target following the data breach has been my top priority. I believe Target has a tremendous opportunity to take the lessons learned from this incident and enhance our overall approach to data security and information technology. Bob's history of leading transformational change positions him well to lead our continued breach responses and guide our long-term digital strategy," said Gregg Steinhafel, Target chairman, president and chief executive officer.
DeRodes comes to Target with more than 40 years of experience and is a recognized leader in information technology, data security, and business operations. He has been a senior information technology advisor for the Center for CIO Leadership, the U.S. Department of Homeland Security, the U.S. Secretary of Defense, and the U.S. Department of Justice. In addition, DeRodes has provided independent advisory services to corporations, Private equity firms, and boards. DeRodes has also held top technology positions at a number of industry-leading, multinational companies including CitiBank, USAA Federal Savings Bank, First Data, Home Depot and Delta Air Lines. He also serves on the board of directors for NCR Corporation.
"I look forward to helping shape information technology and data security at Target in the days and months ahead. It is clear to me that Target is an organization that is committed to doing whatever it takes to do right by their guests," said DeRodes.
Target's Technology Enhancements
Since the initial confirmation of the data breach, Target has shared that there has been an active investigation. During that time, the company has taken significant actions to further strengthen security across the network, just a sampling includes:
- Enhancing monitoring and logging
- Includes implementation of additional rules, alerts, centralizing log feeds and enabling additional logging capabilities
- Installation of application whitelisting point-of-sale systems
- Includes deploying to all registers, point-of-sale servers and development of whitelisting rules
- Implementation of enhanced segmentation
- Includes development of point-of-sale management tools, review and streamlining of network firewall rules and development of a comprehensive firewall governance process
- Reviewing and limiting vendor access
- Includes decommissioning vendor access to the server impacted in the breach and disabling select vendor access points including FTP and telnet protocols
- Enhanced security of accounts
- Includes coordinated reset of 445,000 Target team member and contractor passwords, broadening the use of two-factor authentication, expansion of password vaults, disabled multiple vendor accounts, reduced privileges for certain accounts, and developing additional training related to password rotation
New MasterCard Initiative and Commitment to Chip-and-PIN