Target US appoints a CISO

US retail giant Target has appointed a chief information security officer in a bid to shore up its information security systems and processes following a large-scale data breach last year.

Bob Maoirino.

The company has announced Brad Maiorino will join the company from next week to lead Target's information security and technology risk strategy to ensure the "company, its guests and team members are protected from internal and external information security threats".

He will report to Bob DeRodes, Target's new chief information officer.

Maiorino joins Target from the same role at General Motors, and prior to that as CISO at General Electric.

“Having led this critical function at two of the country’s largest companies, Brad is widely recognised as one of the nation’s top leaders in the complex, evolving areas of information security and risk,” DeRodes said in a statement.

“As an organisation, we have made a commitment to our guests and our team that Target will be a retail leader in information security and protection. We believe Brad is the right person to lead that charge.” 

Maoirino said he was looking forward to ensuring Target delivered on the steps it promised to undertake to beef up its systems and processes following the data breach, including enhancing monitoring, network segmentation, systems logging, database security and the installation of application whitelisting on point-of-sale systems. 

In December last year, the company revealed the credit card and personal data of more than 110 million customers had been exposed as a result of a data breach.

It was later revealed a contractor to the retailer had been duped by a phishing email carrying the Citadel malware, which stole the contractor's log-in credentials and granted the attackers access to Target's contractor services portal.

The attackers were then understood to have been able to break into to the wider Target network, later deploying the BlackPoS RAM-scraping malware to steal unencrypted cleartext payment data.

The damaging data breach resulted in the removal of Target's CEO and resignation of its CIO, a lawsuit by two US banks levied at the retailer and its security partner Trustwave, plummeting holiday profits and a huge repair bill.

The company indicated in May it would introduce the role of chief information security officer in order to tighten its security, alongside the newly created role of chief compliance officer.