Roxanne Austin, interim board chair of Target Corp.
Target Corp.’s board of directors shot back at an advisory shareholder firm who recommended the ouster of 70 percent of them for their perceived lack of preparation for and inadequate response to Target’s data breach late last year.
In a letter to shareholders filed with the US Securities and Exchange Commission, Interim Chair Roxanne Austin asked for the reelection of all board members during its shareholder meeting on June 11. She said the board “recognizes the importance of its oversight responsibilities in [cybersecurity]” and took actions to address cyber crime before the holiday-season data breach exposed 40 million customer payment-card data and personally identifiable information of another 70 million customers.
The actions, according to Austin, included investments in network security professionals and technology, data security training for employees and operating a security operations center to review suspicious activity. More than 300 employees are devoted to information security, she added. And the retailer is a founding member of the National Cyber-Forensics & Training Alliance.
Nevertheless, Target suffered the worst retail data breach ever and has since started an “end-to-end review of its network security and is moving toward chip-and-PIN technology for credit card processing,” Austin said.
“The board is conducting a broad examination of Target’s risk oversight structure, which will include an examination of the role of senior management, reporting structures and board oversight,” she said.
Late last month Institutional Shareholder Services said in a report it recommended the removal of Austin as well as Mary Minnick, Anne Mulcahy, Derica Rice, Calvin Darden, Henrique De Castro and James Johnson “for failure to provide sufficient risk oversight.” These board members comprise Target’s audit and corporate responsibility committees.
ISS said the committees should have been aware and closely monitored the risk of a data breach and potential impacts on brand reputation and value.
“We want to assure you that the board takes its oversight responsibilities seriously and we recognize the importance of Target addressing these information security issues in the most effective manner possible,” Austin concluded.
Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].
