Target Hackers Got PINs, Too

But Target thinks they're safely encrypted
By Kevin Spak,  Newser Staff
Posted Dec 27, 2013 2:28 PM CST
Target Hackers Got PINs, Too
In this 2008 file photo, a customer signs his credit card receipt at a Target store in Tallahassee, Fla.   (AP Photo/Phil Coale, File)

Ever since news broke of Target's massive security breach, the retailer has said that customers' PIN and debit card data hadn't been stolen. Today, it admitted that actually, it had been—which, according to the Minneapolis Star Tribune, makes the stolen cards significantly more likely to be fraudulently cloned. But Target says it's "confident that PIN numbers are safe and secure" because they were tightly encrypted.

That means to read them, thieves would need a key that Target says never even existed in its system—the second customers put in their number, it was encrypted and sent to a third-party payment processor. An independent security expert tells CNNMoney that it would be "difficult or impossible to decrypt" Target's algorithm without that key. But an anonymous executive for a major US bank tells Reuters that they're worried nonetheless, and JPMorgan and Santander have both lowered their limits on ATM withdrawals as a precaution. (More Target stories.)

Get the news faster.
Tap to install our app.
X
Install the Newser News app
in two easy steps:
1. Tap in your navigation bar.
2. Tap to Add to Home Screen.

X