Target reveals that debit card PIN codes were stolen during recent hack

target1

Target has just acknowledged that PINs were stolen in the massive security breach their system suffered roughly a month ago.

The hack occurred at the end of November and beginning of December, and along with PINs being stolen, around 40 million Target shoppers had their credit card information taken as well. This data has already flooded the black market, with some credit card information being sold for as low as a quarter.

According to the Target, the PINs information that was stolen is “safe” due to the fact that they use Triple DES encryption. “The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems,” a statement from Target said.

When you use your PIN at the store, it is “encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor,” the retailer says. “What this means is that the ‘key’ necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident.

The company also added that “the most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken.”

Still, many customers are angry, rightfully so, and there are already class action lawsuits against Target in the works.

[via The Verge, image via kevin dooley's flickr]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

2 comments

  1. CJ Cotter

    Hey, thanks for this article. I’ve been aware of this story, but since I don’t recall making any purchases at Target, I concluded that it was of no major concern to me.

    When I saw this article about PIN numbers being stolen, as well, I decided to double-check my bank records during that time period.

    Sure enough, I did make a Target purchase then with my debit card. I’ll be visiting my banker on my half-day Friday, for a new card number and PIN.

    A grateful thank you, once again. (Ignore Bruce. This article helped me.)