Former President Harry Truman had a sign on his desk indicating that the buck stopped there. The idea was that Truman was responsible for almost everything and that once an issue came to him, he would deal with it. The phrase has made its way into common parlance and now we often take it as a given that the person at the top of the food chain is responsible for everything.


Source: Target.com. 

Earlier today, Target (TGT 2.96%) announced that CEO Gregg Steinhafel was stepping down after 35 years at the company. In its announcement, Target said that Steinhafel led the response to the company's recent data breach and "held himself personally accountable." As a result, Target is now losing a good CEO at a time when continuity of management seems helpful. Does it have to be this way?

Short answer: Yes.

The data breach and Steinhafel's role
In December last year, Target announced that tens of millions of customers' card details might have been accessed by hackers who had gotten into Target's point-of-sales software. The company responded by offering credit protection to customers, giving shoppers an extra discount, and by working with law enforcement officials to help figure out what went wrong.

The company was already using PIN-pad encryption software that stopped the thieves from stealing PINs, but credit card numbers and other personal data were taken. In addition to the standard protections, Target had also recently implemented a new security platform designed to discover just the sort of software that the hackers used. In short, the company was well prepared.

What happened is still being revealed, but according to an investigation by Businessweek, it went down like this: Hackers used an outside vendor's login details to gain entry to Target's systems. After studying the layout, they installed malicious software into the Target point-of-sale system. They then installed more software that would send out the data once it was stolen from the infected registers.

At this point, Target's preparation should have come into play, alerting the business of the intrusion -- and it did, allegedly. But Target ignored or missed the alert, and credit card information started rolling out to the hackers.

Through all of this, Steinhafel's role would have been limited. CIO Beth Jacob, who stepped down in March, was running the technical side of the business at the time. Even her resignation was met with some sadness, as she was seen as a promoter of a healthy tech department at Target. It seems like the buck should have stopped with Jacob, leaving Steinhafel in place, but what if there were other factors in the board's decision?

Target's board takes aim at Steinhafel
Today, Target's board announced that Steinhafel was out and interim CEO John Mulligan (the current CFO) was in. The first sentence of the press release said it all: "Today we are announcing that, after extensive discussions, the board and Gregg Steinhafel have decided that now is the right time for new leadership at Target." The fallout from the announcement has hurt Target's stock and its sales. Since releasing news of the breach in December, shares have fallen slightly, recovering after a sharp early decline.

On top of the recent weakness, Target has suffered over the last year or so. Until then, the company's stock had matched the pace of the S&P 500 over Steinhafel's tenure. In fiscal 2012, Target grew its earnings per share by 7.9% and its comparable-store sales by a respectable 2.7%. By the second quarter of fiscal 2013, though, it had broken down.

Target's expansion into Canada was hurting the bottom line, and many were looking at Steinhafel as the reason for the underwhelming performance. In addition to the Canadian debacle, analysts and investors saw Target's online sales falling well behind its rivals -- another point against Steinhafel's leadership.

The bottom line
At the end of it all, it probably wasn't the data breach -- something Steinhafel had almost no hand in -- that made Target's board take action. Instead, it was likely the ongoing troubles of a once-strong brand and a desire to have a fresh start. Steinhafel was a company man, investing 35 years of his career with Target. Unfortunately, what Target really needs is an outside perspective.

From here, Target needs to move on with a fresh coat of paint. Take the underlying business and dress it back up so that customers are excited about the brand again. Steinhafel is leaving on a sour note, but the legacy he leaves behind is one of success -- a successful brand, a successful supply chain, and a relatively successful investment. It's too bad that Steinhafel had to go, but a new leader bodes well for Target's future.

In its fourth quarter, Target's comparable sales fell on news of the breach and Steinhafel's reassurances seem to have done little to get the business back on its feet. The company is still unsure of how much financial impact the breach will have over this year, and good news in the first quarter would be surprising.

For investors, the future is uncertain. Today's pullback could represent a buying opportunity, as the 10-year impact of the breach is likely to be minimal. Target's brand is still strong, a new set of leadership should be able to get new good things done, and, though botched, the Canadian expansion shows that the company has designs on expansion.

Even so, buyers should be aware that the earnings release near the end of May could bring plenty of bad news, with it pushing shares down even further. No matter what happens next, remember that Steinhafel did a lot of good while he was around -- but the buck ended up stopping with him. It's one of the burdens of being CEO and it may not seem fair from the outside, but that's the way it is.