Target on Friday confirmed that some of the encrypted data stolen during a two week period beginning in November includes PIN information. The popular retailer has gone on record to assure customers that bank accounts are still safe despite the breach, explaining that technology used at the point of purchase is designed for such incidents. Still, with over 40 million of its customers potentially affected, Target’s assurances will likely do very little to quell concerns. It might take more than a ten percent discount apology to win back customer trust.
Beginning on Black Friday and ending Dec. 15, anyone in the U.S. who used a credit or debit card to purchase something at a Target retail store had their information stolen, including name, credit/debit numbers, expiration dates and CVV security information. Target now says PIN information was stolen, though Target claims actually extracting the PIN from the data is next to impossible.
“Target does not have access to nor does it store the encryption key without our system,” the company said. “The PIN information is encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor. What this means is that the “key” necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident.”
While there are safeguards in place to prevent hackers from accessing such sensitive customer information, there’s no telling if the PINs will be extracted, even if Target says customer debit card account haven’t been compromised. What is encrypted today can very well be decrypted tomorrow. The bottom line is: if you shopped at Target between Nov. 27 and Dec. 15, keep a close eye on your account for suspicious activity.