Target Board Defends Role Before and After Data Breach

Under fire for its handling of the data breach, Target's board is now defending itself to shareholders in advance of next week's annual meeting.

In a letter this morning, Roxanne Austin, the board's interim chairwoman, told shareholders that the board takes its oversight responsibilities seriously and asks for their support in re-electing all of the directors.

The letter, which was filed with the Securities & Exchange Commission, comes days after proxy adviser Institutional Shareholder Services (ISS) recommended that investors oust seven of the retailer's 10 board members for failing to protect the company against the breach last year in which tens of millions of customers' personal and financial information was compromised.

"Cybercrime is a real and persistent threat as sophisticated criminals are constantly seeking to breach information networks and steal data," Austin wrote in the letter.

She added that such breaches are taking place across the board and affecting a "wide range of victims including the U.S. government, the technology and defense industries, and more traditional companies, like retailers."

Among the steps the company took before the breach, she said Target invested hundreds of millions of dollars in network security personnel, processes, technology and related resources; doubled the number of information security employees over five years to 300; required additional data security training for all Target employees; operated a security operations centers staffed around the clock to review suspicious network activity; and invested in network-monitoring technology to enhance Target's ability to detect potential cyberattacks.

Since the breach, the company has undertaken an end-to-end review of its network security and is conducting a broad examination of Target's risk oversight structure, she said.

Among the steps she outlines that Target has taken since the breach are: converting all of its REDCards to chip-enabled cards, equipping stores with chip-enabled card readers, hiring a new chief information officer, and conducting searches for a chief information security officer and chief compliance officer.

In its own report, ISS suggested that members of Target's audit and corporate responsibilities committees, including Austin, should not be re-elected since risk assessment and oversight of reputational risk were part of their duties.

Another proxy adviser, Glass, Lewis & Co., however, said there is not yet enough evidence that the breach resulted from board or management neglect. Still, it recommended shareholders reject two board members for other reasons.

Target will hold its shareholders meeting in Dallas on June 11.


Copyright 2014 - Star Tribune (Minneapolis)