In the past, if your goal in life was to run a retail company, you wanted your biography to open with a scene of you manning the sales floor or schlepping boxes in a warehouse.
The younger you were in this scene, and the lowlier the position, the better the story. Doug McMillon, the CEO of Walmart, started 30 years ago as a teen-ager, unloading trucks at a distribution center.
Walgreens’s CEO, Greg Wasson, began as a pharmacy intern while still a college student. But the former Target CEO Gregg Steinhafel beats both of them, having mopped floors as a child at the family furniture store in Milwaukee before arriving at Target, as a merchandise trainee, thirty-five years ago.
Even after he became the CEO, earning millions of dollars a year, Steinhafel tried to see his stores as Target’s customers might. “I come in and I want to see, How does the store feel?” he told Marketplace’s Kai Ryssdal, in 2009. “Is it clean? Are the brand standards right?
I quickly look at the check lane—is there anybody waiting in line?… Am I excited to be here?” In February of this year, on a visit to a store, he pointed out that its entrance didn’t have enough shopping carts and that a mannequin’s arm was out of place, according to a Wall Street Journal profile.
Steinhafel has a sharp eye for details, but not the ones that could protect his business or save his job. Last year, a data breach at Target’s cash registers resulted in forty million customers having their credit- and debit-card numbers stolen during the holiday shopping season.
The company was slow to contact customers after the breach was made public, and people complained that Target had failed to respond to security alerts that might have stopped the hackers. Steinhafel resigned on Monday, saying that the company has “faced its share of difficulties” under his leadership, including a public battle with a major shareholder and the data theft. The cyberhacking that hit Target—and that, with bugs like Heartbleed, is ravaging the Internet—wasn’t something that his experience had prepared him to handle.
It’s a weakness shared by many other retail CEOs: the problems that they’ve spent decades learning to solve are not the problems that they face today.
That’s a danger for those of us who entrust these brands with our credit cards and, by extension, our identities. Steinhafel was among the best in the business at old-school retail.
He took over Target’s merchandising, in 1994, when the company was still a nondescript discounter and, over the following two decades, helped transform it into a “cheap chic” retailer that signed partnerships with designers such as Michael Graves and Isaac Mizrahi.
A decade ago, the company set up a Web site, at first outsourcing most of its online business to Amazon. Others—including criminals—have moved much faster to exploit the Internet.
The Target hackers infiltrated Steinhafel’s stores, remotely installing malicious software at checkout registers. Each time a customer swiped a credit or debit card, the software stole the information embedded in the card’s magnetic stripe.
Along with credit- and debit-card numbers, the criminals also took the names, mailing addresses, e-mail addresses, and phone numbers of as many as seventy million shoppers.
In response, the retailer is taking costly steps. It has offered shoppers a year of free credit monitoring. By early next year, the company plans to switch its store-brand credit and debit cards to a technology widely used in Europe called “chip and PIN,” which is considered more secure than the magnetic stripe. Target will spend a hundred million dollars on the transition.
It’s working with the Secret Service and the Justice Department to investigate the hacking, and it faces dozens of lawsuits over the data breach.
In February, Target’s former chief financial officer, John Mulligan, was called to testify before the Senate Judiciary Committee.
“All businesses—and their customers—are facing increasingly sophisticated threats from cyber criminals,” Mulligan told the senators. On Monday, Target named Mulligan its interim CEO, an indication that the company recognizes the need for change; until now, it’s been rare for a finance executive, rather than someone who rose up through store management, to become a retail CEO.
Target isn’t the only retailer that’s been hacked recently: Michaels stores lost more than three million credit-card numbers to a data breach, while Neiman Marcus said that hundreds of thousands of card numbers were compromised.
But this is the first time that a hacking has cost a prominent CEO his job. Retailers point out, fairly, that banks and other companies also are frequent victims of Internet fraud.
But the attacks on stores feel more personal—and are met with greater outrage—because retailers invest so much in advertising to forge an emotional connection between shoppers and their favorite brands.
Under Steinhafel’s leadership, Target had problems beyond hacking. Last year, it opened more than a hundred stores in Canada, but it failed to keep merchandise in stock and lost nearly a billion dollars on those stores.
It also struggled with online competition, and in this problem, too, Target is far from unique. Some traditional retailers treat Amazon almost as if its business is unseemly.