Before Monday, the stock had declined 12 per cent in the past 12 months.
In March, Target told a Senate panel that it had clues about the attack weeks before responding and was exploring why it took so long to react. Sometime after intruders entered Target's systems on Nov. 12, their activities were detected and evaluated by security professionals, according to remarks Mulligan submitted to the panel. The company was later alerted to suspicious activity by the Justice Department, leading to an internal investigation that confirmed a breach on Dec. 15.
"We are asking hard questions about whether we could have taken different actions before the breach was discovered that would've resulted in different outcomes," Mulligan said at the time. "In particular, we are focused on what information we had that could have alerted us to the breach earlier; whether we had the right personnel in the right positions; and ensuring that decisions related to operational and security matters were sound."
The hearing followed a report by Bloomberg Businessweek that found Target ignored warnings from its hacker-detection tools. The breach compromised 40 million credit card numbers - along with 70 million addresses, phone numbers and other pieces of personal information.
Several senators criticized Target's management for not reacting sooner to the early warnings. The Senate Committee on Commerce, Science and Transportation, which prepared a report ahead of the hearing, found that Target appeared to have missed opportunities "to stop the attackers and prevent the massive data breach."
The board said Monday that Steinhafel held himself personally accountable for the breach and "pledged that Target would emerge a better company." Steinhafel, who had been CEO since 2008, will remain an adviser to the company during the transition.
When Steinhafel was rising up through Target's merchandising ranks, he played a key role in helping the chain differentiate itself from Wal-Mart. In the early 1990s, he revamped its selection, forged partnerships with well-known designers and focused on higher-income shoppers.
In recent years, the company has suffered missteps, including its push into Canada. Canadians, who for years had shopped at Target stores just over the border in the U.S., have been disappointed that prices in Canada are higher. Local competitors also cut their prices to make Target's entry more difficult. The operation lost $941 million before interest and taxes in 2013, reducing the year's profit by $1.13 a share.
"They need some new leadership in there," said Brian Yarbrough, an analyst at Edward Jones in St. Louis. "The U.S. has been struggling, the Canadian expansion has been a disaster, and then you throw in the data breach."
Steinhafel is entitled to severance payments, Target said in a separate filing Monday. According to the company's proxy statement last year, the executive was eligible for about $9.26 million if he left voluntarily and about $26.6 million if it was involuntary but not for cause.
The company also has hired the recruitment firm Korn Ferry to advise the board. Target will probably seek candidates with a retail background, Feldman said. He sees HSN Inc. CEO Mindy Grossman, Victoria's Secret CEO Sharen Turney and Bon-Ton Stores Inc. CEO Brendan Hoffman as possibilities.
Target isn't the only retailer to have its systems attacked in the past year. Luxury department-store chain Neiman Marcus said in January that about 1.1 million credit cards may have been compromised in a data breach. Days later, arts- and-crafts retailer Michaels Stores Inc. said some customer payment-card data may have been used fraudulently.
To tighten security, retailers are upgrading their systems to comply with a chip-based smart-card standard known as EMV - named for Europay-MasterCard-Visa, the companies that first backed the technology. Credit card networks have set an October 2015 deadline for most U.S. merchants to upgrade their payment systems.
Target also named a new technology chief last month, turning to Bob DeRodes, a former adviser for the Department of Homeland Security, the Justice Department and the Secretary of Defense. He replaced Beth Jacob as chief information officer, following her departure in March. The company also named MasterCard as the processor for the more secure house-brand credit and debit cards it plans to introduce early next year.
A new CEO will have to build on what Target is doing right, while bringing "a fresh perspective," Yarbrough said.
"You don't want someone new who comes in and makes a bunch of wholesale changes," he said.
-Bloomberg
