By Paul Ziobro
Target Corp. shareholders should vote out seven of the company's
10 directors, a prominent proxy adviser said, citing what it called
a failure by the board to protect the company ahead of a massive
data breach during the holiday shopping season.
Institutional Shareholder Services, which advises big
shareholders like mutual funds how to vote on corporate issues,
focused on directors who serve on Target's audit and
corporate-responsibility committees. Those committees are tasked
with overseeing and managing risk, and the data breach showed the
company was inadequately prepared for the threats posed by
hackers.
"It appears that failure of the committees to ensure appropriate
management of these risks set the stage for the data breach, which
has resulted in significant losses to the company and its
shareholders," ISS wrote.
ISS, which rarely recommends voting against a majority of the
board, added that actions Target took in response to the breach,
like replacing the chief information officer and beefing up its
security protocols, appear "largely reactionary" and could have
prevented the data breach from occurring had the company
implemented them sooner.
A Target spokesman didn't immediately respond to a request for
comment. The report notes that Target has acknowledged the need for
better cybersecurity protocols and better internal monitoring of
potential risks.
The company's annual meeting is scheduled for June 11.
The ISS report is the latest criticism to emerge against
Target's handling of the breach, which compromised 40 million
credit- and debit-card numbers weeks before Christmas, and is among
the first to lay the blame squarely on the board.
The recommendation calls for voting against seven of the 10
directors, including two of Target's longest serving members:
former Xerox Corp. Chief Executive Anne Mulcahy and the onetime
head of Fannie Mae and lead independent director James Johnson. The
firm recommends voting for Kenneth Salazar, the former U.S. senator
who leads the corporate responsibility committee and only joined
the board last July, as well as two members who didn't serve on the
audit or oversight committees.
The firm also said shareholders should vote to separate the
roles of chairman and chief executive, a proposal voted down at
Target's shareholder meeting last year. ISS says that Target's weak
performance and the data breach showed that the dual role of CEO
and chairman didn't provide enough oversight of management.
Chief Executive Gregg Steinhafel resigned earlier this month in
part for his handling of the data breach. The company currently has
an interim chairman and a separate interim CEO as it searches for a
new chief. In its proxy statement filed with the Securities and
Exchange Commission, Target argued against the proposal to separate
the two roles, saying its current structure of a lead independent
director provides enough oversight.
Target did say its board plans to revisit the leadership
structure when it appoints a permanent CEO.
Roxanne Austin, the current interim chairman, is among the
directors ISS has targeted for defeat.
Joann S. Lublin contributed to this article
Write to Paul Ziobro at Paul.Ziobro@wsj.com
Subscribe to WSJ: http://online.wsj.com?mod=djnwires