Gregg Steinhafel, the chairman and chief executive of Target, resigned Monday, the latest in a series of moves made by the company as it struggles to recover from last year’s extensive data breach of customer information.
The company’s board made the announcement, saying that the resignation of Steinhafel, who had been with Target for 35 years, occurred after extensive discussions and that the board wanted new leadership.
Known for promoting up through the ranks, the major retailer, one of the country’s largest, said it would conduct a search for Steinhafel’s successor. In the interim, it named John Mulligan, Target’s chief financial officer, to be president and chief executive, and Roxanne Austin, a Target board member, will serve as nonexecutive chairwoman.
“The last several months have tested Target in unprecedented ways,” Steinhafel said in a letter to the board. “We have already begun taking a number of steps to further enhance data security, putting the right people, processes and systems in place.”
Those steps are proving quite costly. Last week the company announced an accelerated timetable for adopting a chip-and-PIN technology for all its in-house debit and credit cards, a technology used widely in Europe that is considered more secure. Target officials estimated that the switch to a new technology would cost $100 million. In addition, the company reported spending $61 million in its fourth quarter for breach-related expenses and said it expected those expenses to continue.
The last several months have seen a spate of data breaches at retailers, including Neiman Marcus and Michaels, which people involved in the investigation have said were likely perpetrated by the same loose gang of criminals in Eastern Europe that attacked Target.
Target’s troubles have extended beyond the breach, however. The company, which has about 1,800 stores in the United States, recently opened more than 100 stores in a matter of months in Canada. That expansion has delivered disappointing margins and the company has struggled with inventory problems there that have led to a lot of empty shelves.
Target is scheduled to release its first-quarter earnings later this month, its second financial earnings announcement since the breach, and in notes to investors on Monday, retail analysts said Steinhafel’s resignation did not bode well for the company’s performance.
“Presumably the board was not pleased with Steinhafel’s performance, and we think that it is fair to assume that current business trends are not particularly good,” Faye Landes, an analyst at Cowen, wrote in a note to investors. “The board also may have come to the conclusion that the problems leading to the credit breach were the results of underinvestment, which is a CEO decision, and the after-effects of the breach may ultimately be quite costly, which we believe to be the case.”
While the company’s stock dropped in January and February, as news of the breach kept coming and its financial impact proved to be significant, the stock price has since largely recovered. Shares of Target were down 3 percent Monday.
Target officials had acknowledged in the months since the breach that warning signs of computer hacking had been missed in the weeks before the breach was made public. The disclosure made in December, in the final days of the holiday shopping season, exposed the payment data of 40 million Target customers and the personal data of an additional batch of 70 million customers. Some 12 million people are thought to have both their payment and their personal data compromised.
Company executives have said the breach had an immediate, significant impact on the company’s performance, driving sales and traffic down substantially. The company’s profit in the last quarter of the year was down 46 percent over the same period the year before.
Since then, the company’s information security apparatus has come under scrutiny from security experts, and its officials have been summoned to testify before congressional panels about individuals’ privacy on the Internet. Some experts have said the company’s network was vulnerable to attack, and Target later conceded that its security system had issued alerts that were not heeded about suspicious activity during the breach.
Steinhafel had been chief executive since 2008.