A new report recommends that Target shareholders oust seven of the 10 board members at the retailer’s shareholders meeting next month, saying that those directors failed to protect the company against the massive data breach.

Institutional Shareholder Services, a proxy adviser that provides counsel to shareholders, said members of Target Corp.’s audit and corporate responsibility committees should not be re-elected since risk assessment and oversight of reputational risk were part of their tasks.

“ISS believes that in light of the company’s significant exposure to customer credit card information and online retailing, these committees should have been aware of, and more closely monitoring, the possibility of theft of sensitive information, especially since it involves shoppers and the communities in which the company operates, as well as the overall impact on brand reputation and brand value,” the report says.

In a statement, Target said the board views risk oversight as a “full board responsibility” and said it has made “significant” data security investments.

“As one would expect, following the criminal attack that resulted in the data breach, the board is re-examining the entire risk oversight structure, including senior management roles and reporting structures, as well as board oversight,” the company said.

In December, Target disclosed that its point-of-sale systems had been compromised by cyberthieves who gained access to the personal and financial information of tens of millions of customers. The breach triggered congressional hearings and a blistering Senate committee report outlining several steps Target could have taken to prevent the attack.

Amid the fallout from the breach, Target’s chief information officer, Beth Jacob, resigned in March. In late April, the company announced it appointed Bob DeRodes to take over that role.

But ISS noted that there were questions about the adequacy of Jacob’s credentials. It noted that her public biography listed previous roles such as head of guest operations.

DeRodes, by comparison, has a deep background in information technology and data security, it said.

Target is still looking for a new chief security officer and chief compliance officer, in addition to a new chief executive since the board fired Gregg Steinhafel last month.

But ISS said these actions by the board seem to be “largely reactionary in nature.” It noted that Target’s stock has fallen about 11 percent – a $4.2 billion loss in market value – since Dec. 18, when the data breach was first revealed.