Target CIO Beth Jacob Resigns After Huge Breach

Outsmart Malicious Hackers


So the latest news this week is that the Target CIO Beth Jacob has resigned, it seems to be somewhat linked to the massive heist of credit card details from Target that took place in December last year.

To be fair it was a fairly complex, high-level attack and I’m pretty sure most companies would have been infiltrated with a similarly pervasive attack vector.

Beth Jacob - Target CIO

Target CIO Beth Jacob has apparently fallen on her sword in the wake of the massive security breach in mid-December that compromised 40 million debit and credit cards and swept national headlines. Her resignation was rendered this week effective immediately.

“If you look at the history of other large data breaches, turnover at the top of the IT shop is not unusual,” says retail IT consultant Cathy Hotka.

Target CEO Gregg Steinhafel says the retailer is now looking outside the company for a CIO to succeed Jacob and help overhaul its network security, according to the Wall Street Journal.

Ironically, Jacob, who has a sterling reputation among retail CIOs, was thought of as a great hire by Target in 2008, Hotka says.

Target’s security incident — from the sophisticated breach to Steinhafel penning a mea culpa open letter to Target customers to running apologetic ads in the Wall Street Journal and other major publications to Jacob’s resignation — is a watershed moment for retail CIOs. They are now faced with rethinking their data security strategy.

The kind of breach that occurred at Target was highly sophisticated. Hackers slipped their software into Target’s computer systems via credentials stolen from one of Target’s vendors, reported the Wall Street Journal. The software eventually made its way to checkout stations and began amassing credit card data.


Having worked in this industry for many years, it really comes as no surprise how lackadaisical corporate information security can be at times.

And this was a pretty slick multi-level attack coming in at first through a vendor’s access, and eventually landing on the POS terminals – as was the plan from the beginning I would imagine.

“The people who are responsible for these kinds of breaches are well-organized, criminal enterprises,” Hotka says. “If you went to go up to a bunch of retail CIOs and asked them, ‘Could this have happened to you?’ the answer would be, yes.”

CIOs are put in a tough position because they’re not given adequate security funding, Hotka says. She recalls five years ago when the CIO of apparel and home fashions retailer TJX Companies had asked for additional data security resources and didn’t get them. A massive security breach followed, compromising millions of credit card numbers. TJX Companies agreed to pay $40.9 million to resolve potential claims by banks.

Given the growing sophistication of attacks, retail CIOs must now reconsider whether or not managing the risk in-house is wise. As Jacob’s resignation shows, a retail CIO is culpable yet might not have the know-how or resources to protect the company.

So should retail CIOs outsource data security to the experts?

“I think at this stage it’s not unreasonable,” Hotka says.

There’s a LOT of articles going around about this at the moment, many concerning who’s to blame, was it the CIO? who’s fault is it that engineers brought up that they felt there’s a problem? and so on.

Could the CIO have prevented this? Perhaps if she was very technical and on the ground concerning security practice, but honestly there should be a CSO for that and it falls more under the remit of the CTO than the CIO in my eyes.

Source: Network World


Posted in: Exploits/Vulnerabilities, Legal Issues, Malware, Privacy

Latest Posts:


BSQLinjector - Blind SQL Injection Tool Download BSQLinjector – Blind SQL Injection Tool Download in Ruby
BSQLinjector is an easy to use Blind SQL Injection tool in Ruby, that uses blind methods to retrieve data from SQL databases.
CCleaner Hack - Spreading Malware To Specific Tech Companies CCleaner Hack – Spreading Malware To Specific Tech Companies
The CCleaner Hack is blowing up, initially estimated to be huge, it's hit at least 700k computers & is specifically targeting 20 top tech organisations.
AWSBucketDump - AWS S3 Security Scanning Tool AWSBucketDump – AWS S3 Security Scanning Tool
AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files.
nbtscan Download - NetBIOS Scanner For Windows & Linux nbtscan Download – NetBIOS Scanner For Windows & Linux
nbtscan is a command-line NetBIOS scanner for Windows that is SUPER fast, it scans for open NetBIOS nameservers on a local or remote TCP/IP network.
Equifax Data Breach - Hack Due To Missed Apache Patch Equifax Data Breach – Hack Due To Missed Apache Patch
The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK.
Seth - RDP Man In The Middle Attack Tool Seth – RDP Man In The Middle Attack Tool
Seth is an RDP Man In The Middle attack tool written in Python to MiTM RDP connections by attempting to downgrade the connection to extract clear text creds


Comments are closed.