Target disclosed in December that a cyber attack had resulted in the
theft of at least 40 million payment card numbers and 70 million
other pieces of customer data weeks before Christmas.
ISS blamed Target's audit and corporate responsibility committees,
which oversee risks such as fraud, for being "inadequately prepared"
for risks of doing business in electronic commerce.
"It appears that failure of the committees to ensure appropriate
management of these risks set the stage for the data breach, which
has resulted in significant losses to the company and its
shareholders," ISS said in its report.
Ahead of Target's shareholder meeting next month, ISS asked for a
vote against directors including interim non-executive chair of the
board Roxanne Austin, and others, namely Mary Minnick, Anne Mulcahy,
Derica Rice, Calvin Darden, Henrique De Castro and James Johnson.
The proxy firm also said a policy to separate chairman and CEO roles
could improve the independent oversight of management.
Target's board had not made a decision on whether to continue with
an independent chair and will re-assess its leadership structure
once a new CEO is announced, the company told Reuters in an email
"...following the criminal attack that resulted in the data breach,
the board is re-examining the entire risk oversight structure,
including senior management roles and reporting structures, as well
as board oversight," Target said.
[to top of second column]
Earlier this month, Target removed Chief Executive Gregg Steinhafel,
who had been in the top job since 2008, and named John Mulligan as
interim chief executive.
Target's shares have fallen 12.8 percent since the announcement of
the breach to Wednesday's close of $55.34 on the New York Stock
(Reporting by Jim Finkle in Boston and Shailaja Sharma in Bangalore;
Editing by Ken Wills)
[© 2014 Thomson Reuters. All rights
Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.