Target Corp Says PIN Numbers Have Been StolenBy: Daryl Nelson - December 28, 2013
It’s been a bad end of the year for Target Corp. and it seems that things just got worse.
Yesterday the company announced that credit and debit card PIN numbers were stolen from customers, along with the actual account information that was breached earlier this month.
However, store officials say they’re relying on Triple DES encryption backup and feel confident the PIN numbers won’t be able to be used.
“The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems. The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken,” explained Target Corp.
“The PIN information is encrypted within Target’s system and can only be decrypted when it is received by our external, independent payment processor. What this means is that the key necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident.”
“I hope they are right because that information, along with the credit and debit numbers of millions of Target customers has been in the hands of very sophisticated criminals for over four weeks and has been, and is probably still being sold in the black markets,” he said to ABC News.
And Levin isn’t the only one who’s doubtful of Target’s encryption system failing, as some banks throughout the country have decided to take matters into its own hands by replacing customers’ credit and debit cards altogether.
“Whenever the public hears the word breach or compromise, the public is concerned, said Senior Vice President of Marketing and Retail Delivery, Maria Smathers. “They’re concerned about their personal information. They’re concerned about their money. They’re concerned about identity theft.”
Which probably means it’s not a bad idea for you to replace your credit and debit cards as well, since Target Corp. has already proved that the identity thieves just may be a little more sophisticated than the company thinks.
Image via Wikimedia Commons