Target Hackers Got PINs, Too

But Target thinks they're safely encrypted
By Kevin Spak,  Newser Staff
Posted Dec 27, 2013 2:28 PM CST
In this 2008 file photo, a customer signs his credit card receipt at a Target store in Tallahassee, Fla.   (AP Photo/Phil Coale, File)
camera-icon View 1 more image

(Newser) – Ever since news broke of Target's massive security breach, the retailer has said that customers' PIN and debit card data hadn't been stolen. Today, it admitted that actually, it had been—which, according to the Minneapolis Star Tribune, makes the stolen cards significantly more likely to be fraudulently cloned. But Target says it's "confident that PIN numbers are safe and secure" because they were tightly encrypted.

That means to read them, thieves would need a key that Target says never even existed in its system—the second customers put in their number, it was encrypted and sent to a third-party payment processor. An independent security expert tells CNNMoney that it would be "difficult or impossible to decrypt" Target's algorithm without that key. But an anonymous executive for a major US bank tells Reuters that they're worried nonetheless, and JPMorgan and Santander have both lowered their limits on ATM withdrawals as a precaution.

My Take on This Story
Show results without voting  |