Target has just acknowledged that PINs were stolen in the massive security breach their system suffered roughly a month ago.
The hack occurred at the end of November and beginning of December, and along with PINs being stolen, around 40 million Target shoppers had their credit card information taken as well. This data has already flooded the black market, with some credit card information being sold for as low as a quarter.
According to the Target, the PINs information that was stolen is “safe” due to the fact that they use Triple DES encryption. “The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems,” a statement from Target said.
When you use your PIN at the store, it is “encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor,” the retailer says. “What this means is that the ‘key’ necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident.
The company also added that “the most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken.”
Still, many customers are angry, rightfully so, and there are already class action lawsuits against Target in the works.
[via The Verge, image via kevin dooley’s flickr]