A prominent proxy adviser has recommended that Target Corp.'s shareholders oust seven of 10 board members at the retailer's annual meeting next month, saying that those directors failed to protect the company against a massive data breach last year.
Institutional Shareholder Services (ISS), which provides counsel to investors, said members of Target's audit and corporate responsibility committees should not be re-elected since risk assessment and oversight of reputational risk were part of their duties.
"The data breach revealed that the company was inadequately prepared for the significant risks of doing business in today's electronic commerce environment," ISS said in its report, released this week.
ISS went on to say that these two committees "should have been aware of, and more closely monitoring, the possibilities of theft of sensitive information" given Target's significant exposure to customer credit card information and e-commerce.
In a statement, Target said Wednesday that the board views risk oversight a "full board responsibility." As for data security issues, it said it had been among the "best-in-class within the retail industry" before the cyberattack.
"As one would expect, following the criminal attack that resulted in the data breach, the board is re-examining the entire risk oversight structure, including senior management roles and reporting structures, as well as board oversight," the company said.
Target declined to make any representatives available for an interview.
ISS' recommendations can be "highly influential" and are sometimes directly followed by mutual funds and other big institutional investors, said David Larcker, a Stanford business professor who focuses in corporate governance.