
Target: Why Blame The Victim Of The Crime?

US retail giant Target lost its CIO, Beth Jacob, on 5 March. The story is that Jacob resigned after being at the company 12 years.

Target, of course, is at the centre of the largest retail data breach in recent memory. On 9 December, Target reported that 40 million credit and debit cards were compromised in a data breach. That number expanded to more than 70 million in a subsequent disclosure from Target in January.

Remember, Target was the victim

While much of the focus ever since the data breach was first disclosed has been to look at where Target may have failed, I think it’s critically important to remember here that Target is the victim.

Someone, or some hacker group, stole from Target. Target did not steal from its own customers or willingly give information to attackers; Target was attacked and is the victim of a crime here.

In most crimes of which I’m aware, the victim doesn’t take blame and doesn’t need to stand up and apologize for being a victim.

Yet that’s what has happened with the Target data breach. Target has apologised for being a victim, and the resignation of Jacob is just the latest step in that apology. Surely, there needs to be accountability and the CIO does inevitably have some responsibility to bear, but still Target is the victim.

For the 12 years Jacob was at Target she, no doubt, did the best job she could. Considering that to the best of my knowledge Target was not the victim of a data breach at any point in the last 12 years and did not suffer any other major IT meltdown, Jacob did an admirable job.

If you leave the keys in your car with the doors unlocked and your car is stolen, are you at fault? Yeah, you’re not a genius, but the car thief is still the criminal.

I’m not saying that’s exactly what happened in the Target case, and that no one was minding the cash register. We still do not definitively know what precisely happened at Target, though there is widespread speculation. The general speculation is that some form of memory-scraping malware was present and that somehow magnetic card strips also played a role.

The Payment Card Industry Data Security Standard (PCI DSS) includes multiple layers of provisions that are intended to protect retailers and their customers from data breaches. At some point, Target was PCI DSS-compliant, and the general speculation is that, at some juncture, they fell out of compliance, which is how the breach occurred.

A cautionary tale

Overall, though, the fact that the CIO of Target had to metaphorically fall on her sword should serve as a very cautionary tale for all IT security professionals. Even though Target is the victim here, it is also responsible for its own security and the security of its customers.

IT security professionals and now even the CIO in organizations will be held accountable for data breaches, and as such, an exceptional level of diligence and rigour will be required to provide real security. For IT execs, security is no longer a feature or an operational imperative; it is now quite literally a critical component of staying employed.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.


Originally published on eWeek.


Comments

  • Target was the victim because they allowed themselves to be the victim. The security responsibility was fragmented within the company and it was reported this morning that Beth Jacob has a sales background and apparently never had the IT depth to be a CIO.

  • If you're going to use the rather shaky analogy of "If you leave the keys in your car with the doors unlocked and your car is stolen, are you at fault? Yeah, you’re not a genius, but the car thief is still the criminal" you need at least to extend it to include the detail that the car is full of other people's belongings, with which you are entrusted. By leaving the keys in the car with the door unlocked you've failed in your obligation to protect those belongings, and you can't expect to say to them "Hey, I'm the victim here - leave me alone".

  • The failed website launch was also on her watch... that was a very significant meltdown. As stated above... she was non-IT background, and was allowed to surround herself with her hires for 12 years... this is the type of fruit that tree will bear... sounds like Target recognizes its mistake with the repeated statement of an external hire to replace her.
