The thieves who gained access to millions of credit card numbers from Target's database during the week of Black Friday also stole PIN information, Target said today.
It was suspected but not confirmed until early Friday that the customers whose data had been compromised also had debit information stolen, but a company spokesperson says that info is encrypted.
"We remain confident that PIN numbers are safe and secure," Molly Snyder said in a statement. "The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems."
However, according to the New York Times, hackers can easily find a way around the encrypted codes and have done so in similar cases in the past. Some of the stolen credit card numbers have already gone up for sale on the black market, and the sale of PIN info could be a thief's dream if they are able to access ATMs.
The security breach, which lasted from November 27 until December 15, is now the second largest in retail history. Banks around the country are working to get card replacements for their customers, but many have placed a spending limit on them for added security, which can be a headache for the victims.
Target released a statement just after the news broke earlier this month, saying they are working closely with law enforcement to bring those responsible to justice. However, no arrests have been made.
“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, chairman, president and chief executive officer, Target. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”
Image via Thinkstock