Target Corporation has announced the appointment of Bob DeRodes as Chief Information Officer to help guide its efforts in the wake of a massive data breach that exposed account details of more than 100 million customers. The company has also provided details on the security enhancements it has implemented, which include plans to incorporate MasterCard chip-and-PIN technology across its REDcard portfolio.
“Effective May 5, Bob DeRodes will lead Target’s information technology transformation as executive vice president and chief information officer,” the company said in a statement.
“In his role, DeRodes will assume oversight of the Target technology team and operations, with responsibility for the ongoing data security enhancement efforts as well as the development of Target’s long-term information technology and digital roadmap. The company is continuing its active search for a chief information security officer and a chief compliance officer.”
Target’s previous CIO, Beth Jacob, had been in her position since 2008 and resigned in early March as a result of the breach, which was first disclosed on December 19 and is believed to have lasted from at least Black Friday through December 15th, 2013.
“Establishing a clear path forward for Target following the data breach has been my top priority. I believe Target has a tremendous opportunity to take the lessons learned from this incident and enhance our overall approach to data security and information technology,” said Gregg Steinhafel, Target chairman, president and CEO. “Bob’s history of leading transformational change positions him well to lead our continued breach responses and guide our long-term digital strategy.”
Target has also shared some of the security enhancements that have been initiated, including:
- Enhancing monitoring and logging
  - Includes implementation of additional rules, alerts, centralizing log feeds and enabling additional logging capabilities
- Installation of application whitelisting on point-of-sale systems
  - Includes deploying to all registers, point-of-sale servers and development of whitelisting rules
- Implementation of enhanced segmentation
  - Includes development of point-of-sale management tools, review and streamlining of network firewall rules and development of a comprehensive firewall governance process
- Reviewing and limiting vendor access
  - Includes decommissioning vendor access to the server impacted in the breach and disabling select vendor access points including FTP and telnet protocols
- Enhanced security of accounts
  - Includes coordinated reset of 445,000 Target team member and contractor passwords, broadening the use of two-factor authentication, expansion of password vaults, disabled multiple vendor accounts, reduced privileges for certain accounts, and developing additional training related to password rotation
The company also announced that it has accelerated its transition to chip-and-PIN-enabled REDcards, which will be available in early 2015 for its entire REDcard portfolio, including all Target-branded credit and debit cards.
“Target has long been an advocate for the widespread adoption of chip-and-PIN card technology,” said John Mulligan, executive vice president and CFO for Target. “As we aggressively move forward to bring enhanced technology to Target, we believe it is critical that we provide our REDcard guests with the most secure payment product available. This new initiative satisfies that goal.”