Most of Target Corp.'s board members are being targeted for ouster by a prominent firm that advises shareholders, alleging they failed to protect the company against a massive data breach that began just as last year's holiday shopping season was getting underway.
The firm, Institutional Shareholder Services, recommends that at their upcoming annual meeting, Target shareholders vote out seven of the 10 board members -- those who serve on the company's audit and corporate responsibility committees, the Star Tribune reports. That list includes Roxanne Austin, the interim board chair.
In December, Target disclosed that hackers had stolen information on 40 million credit and debit card accounts over a nearly three-week period before Christmas. Then in January, the company said hackers also stole personal information - including names, phone numbers, and email and mailing addresses - from as many as 70 million customers.
In its report released Wednesday, ISS said the breach shows the company is not prepared for the "significant risks of doing business in today’s electronic commerce environment.” It added that the two committees “should have been aware of, and more closely monitoring, the possibilities of theft of sensitive information” given Target’s significant exposure to customer credit card information and e-commerce, according to the Star Tribune.
Target's earnings are down, and its stock price has taken a beating since the data breach was disclosed in mid-December. It's fallen about 11 percent, or a $4.2 billion loss in market value, over that time. The company also faces more than 140 lawsuits with an unknown pricetag at this point.
There's also been a big shakeup at the executive level, with CEO Gregg Steinhafel fired earlier this month, and a new chief information officer hired after the previous one abruptly resigned in March.
It's unusual for ISS to recommend voting against the majority of members on a company's board, according to the Wall Street Journal. It says it's an indication that corporate boards everywhere should take the risks of cyberattacks more seriously, particularly retailers which store vast amounts of credit card numbers and other customer data.
Other analysts say ISS's conclusion that Target's board was responsible for the data breach is "far-fetched," according to MPR News. And they say it's highly unlikely shareholders would oust seven members at once, and essentially leave only a three-member board in place while it searches for a new CEO.
Target's annual shareholder meeting is June 11 in Dallas.