Target shareholder dissent increases

Target shareholder dissent is growing. In its final shareholder’s meeting to approve 10 nominees for the board, the tally showed an increase in dissent against some key members. Investor confidence has plummeted since Target’s huge data breach.

Despite opposition at the discounter’s annual shareholder meeting on Wednesday, all the ten nominees were elected to the board. Analysts say the company has a huge task of regaining confidence among its investors.

The Target Corporation is America’s second largest discount retailer, after Walmart. The Minneapolis-based company is ranked 36th, according to Fortune 500. It has 361,000 employees.

Data breach undermined confidence

Investor confidence has been badly hit by the company’s disappointing expansion into Canada (with a nearly $1 billion loss), the data breach, and sluggish US sales. Gregg Steinhafel, Target’s CEO, was fired last month, so the company is actively looking for a new chief.

In May, Institutional Shareholder Services recommended that shareholders remove 7 of the 10 directors who work in Target’s corporate or audit committees because they had not detected or acted upon last year’s security threat.

The breach, which showed how poor the company’s security was, exposed millions of customers’ credit and debit card details. Investor confidence has since been severely affected.

110 million people affected

Security expert Brian Krebs broke the news on December 8th, 2013, that a Target probe was underway regarding a massive data breach “potentially involving millions of customer credit and debit card records.” The report was picked up by the media and reported worldwide.

Eleven days later, Target confirmed a hack had taken place between November 27th and December 15th, 2013. It warned that up to 40 million customers’ credit and debit cards may have been compromised. Hackers had retrieved customers’ expiration dates, names, card numbers and CVV security codes (the three-digit number at the back of cards).

Target later revealed that debit card PIN data had also been retrieved by hackers, reversing an earlier statement that PIN data was safe. However, the company added that the data was still in encrypted form and difficult to decipher.

On January 10th, 2014, Target announced that up to 70 million additional people’s data had been stolen, i.e. a total of 110 million affected people.

Bloomberg Businessweek published an article in March saying that Target’s computer security team had been told about the breach via the FireEye security service the company employed, and had plenty of time to block the theft of card and client data, but did not act.

7 nominees faced increased opposition

At least 19% of the shares cast were against the seven members mentioned by Institutional Shareholder Services.

Below are how shareholders voted on Wednesday for the 10 board nominees for a one-year term:

  • Roxanne S. Austin (interim chairman): For 78.0% – Against 22.0%
  • Douglas M. Baker Jr: For 95.5% – Against 4.5%
  • Calvin Darden: For 79.5% – Against 20.5%
  • Henrique De Castro: For 81.0% – Against 19.0%
  • James A. Johnson: For 62.9% – Against 37.1%
  • Mary E. Minnick: For 80.0% – Against 20.0%
  • Anne M. Mulcahy: For 63.6% – Against 36.4%
  • Derica W. Rice: : For 80.3% – Against 19.7%
  • Kenneth L. Salazar: : For 97.1% – Against 2.9%
  • John G. Stumpf: : For 94.9% – Against 5.1%

A shareholder got 45.8% backing for a proposal to create an independent chairman (0.6% abstained and 53.6% were against), i.e. split the job so that there is one chairman and one CEO.

Gregg Steinhafel - Target shareholder dissent
Gregg Steinhafel was the first CEO of a major company to be fired over a security breach.

The company’s executive compensation practices, which gave Gregg Steinhafel approximately $13 million last year plus another $15.9 million when he was fired, was supported by about 78% of shareholders in a “say-on-pay” vote (non-binding).

A challenging year

In a letter announcing Target’s voting results, Roxanne Austin, interim non-executive chair of the company’s board of directors, said:

“After a challenging year, we appreciate the continued support of our shareholders as we work to make Target an even stronger company. During this proxy season, we have had a productive dialogue with many of our investors, and we look forward to continued engagement in the weeks and months to come.”

“Along with the management team, we continue to focus on the following three priorities for Target: increasing U.S. traffic and sales; improving Canadian operations; and accelerating the company’s digital transformation to become a leading omnichannel retailer. While the search for Target’s next chief executive officer is ongoing, the board is working closely with the management team to make meaningful progress on each of these priorities.”

Security breach – A wake up call

Steinhafel was the first CEO of a major company to lose his job over a security breach.

Although CEOs are ultimately responsible for data security, it often gets put on a backburner because it is commonly seen as a non-core part of operations.

The Vancouver Sun quotes Ronald Humphrey, a professor who studies leadership at Virginia Commonwealth University, who said:

This is a wake-up call to CEOs that data security is something that affects their customers. If you’ve had your identity stolen you know it’s a huge headache. I think they have to take this very seriously.”

And if there is a breach, the person at the helm must be able to show his or her board of directors and shareholders that it was not the result of a lack of resources devoted to data security.