“The joke in the cyber community is that there are two types of companies: those that know that they have been breached and those that don’t know yet that they have been breached.” -Suraj Srinvasan
In November and December of 2013, Target Corporation suffered one of the largest cyber breaches to date. The breach that occurred during the busy holiday shopping season resulted in personal and credit card information of approximately 110 million Target customers being compromised. The case describes the details of the breach, circumstances that lead to it, consequences for customers and for Target, and the company’s response. Additionally, the case discusses the role of management and the board of directors in cyber security at Target. Target’s board of directors was subject to intense criticism by shareholders and governance experts such as the leading proxy advisor Institutional Shareholder Services (ISS). Lastly, the case discusses the critique and defense of the board’s role and is designed to allow for a discussion of the causes and consequences of the cyber breach and accountability of directors in cyber security.