If Gregg Steinhafel has taught us anything, it’s that security is paramount. Steinhafel, the former President, Chair, and Chief Executive of Target Corp. (NYSE:TGT) resigned from his post on May 5, a direct result of a cyber security breach suffered between November 28 and December 15 of last year. Approximately 40 million payment card records and 30 million other records were compromised during the breach, making it one of the largest in history. The fallout from the breach was so severe that it was no other head except Steinhafel’s that could have rolled.
Steinhafel’s resignation left an interesting question on the table: where does the buck stop when it comes to data security? In a press release regarding his departure, Target noted that Steinhafel “held himself personally accountable” for the data breach, but it’s not clear if people should expect this kind of accountability from a CEO in the information age. There are no sure bets when it comes to information security, and even strong, well-maintained security systems can be incomplete.
We were reminded of this on May 19 when LifeLock, Inc. (NYSE:LOCK), an identity theft prevention services company, reported that due to a security issue, it proactively removed its wallet app from app stores and deleted all user information store by the app. Chair and CEO Todd Davis was quick to open up communication, posting to the company’s blog to explain the issue and direct users with questions to the support team.
The market reacted by driving LifeLock stock down 17.57 percent to $10.70 at Monday’s close, the day the news was released. LifeLock is a fairly small company and the decline drove its market cap below $1 billion.
To be clear, the issue with LifeLock was not a data breach. As Davis put it, “We have determined that certain aspects of the mobile app may not be fully compliant with payment card industry (PCI) security standards.” Not much more information than this was provided about the nature of the problem, but the company did say that “we have no reason to believe the data has been compromised.”
The news is still interesting for at least one reason and ironic for two reasons. First, it is interesting because it’s another notch in the timeline of cyber security issues facing U.S. companies. LifeLock has suffered a severe blow to both its reputation and share price, both of which will be difficult to repair. The news is just one more piece of evidence that businesses large and small, no matter how dedicated to security, can still be caught off guard.
Second, it’s ironic because LifeLock is in the data security business, albeit a consumer facing business that is generally less complex than providing for the security of a corporation. Better than that, though, is the fact that just last week LifeLock advisor Jean Chatzky wrote a blog post for the company talking about this exact thing.
Writing about the Heartbleed bug, Chatzky observed that the number of data breaches being reported is on the rise, jumping 300 percent in 2013 to 614. “The headline-making ones — Neiman Marcus, Michaels Stores, and the Target breach that just last week reportedly resulted in the ouster of the CEO — were just the tip of the iceberg.”