Target Hackers Got PINs, Too

But Target thinks they're safely encrypted

By Kevin Spak,  Newser Staff

Posted Dec 27, 2013 2:28 PM CST

(Newser) – Ever since news broke of Target's massive security breach, the retailer has said that customers' PIN and debit card data hadn't been stolen. Today, it admitted that actually, it had been—which, according to the Minneapolis Star Tribune, makes the stolen cards significantly more likely to be fraudulently cloned. But Target says it's "confident that PIN numbers are safe and secure" because they were tightly encrypted.

That means to read them, thieves would need a key that Target says never even existed in its system—the second customers put in their number, it was encrypted and sent to a third-party payment processor. An independent security expert tells CNNMoney that it would be "difficult or impossible to decrypt" Target's algorithm without that key. But an anonymous executive for a major US bank tells Reuters that they're worried nonetheless, and JPMorgan and Santander have both lowered their limits on ATM withdrawals as a precaution.

In this 2008 file photo, a customer signs his credit card receipt at a Target store in Tallahassee, Fla.
In this 2008 file photo, a customer signs his credit card receipt at a Target store in Tallahassee, Fla.   (AP Photo/Phil Coale, File)
A Target store in Watertown, Mass.
A Target store in Watertown, Mass.   (AP Photo/Steven Senne, File)
« Prev« Prev | Next »Next » Slideshow
My TakeCLICK BELOW TO VOTE
10%
1%
5%
3%
76%
5%
To report an error on this story, notify our editors.

NEWS FROM OUR PARTNERS
Other Sites We Like:   The Street   |   MSN Living   |   PopSugar Tech   |   RealClear   |   24/7 Wall St.   |   Biography   |   Barstool Sports   |   OK!