Last week Target revealed that it had suffered a massive security breach in which 40 million credit and debit card numbers had been compromised. The retailer said that the “sophisticated” hack lasted 19 days but didn’t say exactly how it went down. Numerous reports started circulating a few days back about the possibility of encrypted bank PINs having been compromised as well, Target initially denied it, but now it has confirmed that hackers were able to steal encrypted credit and debit card PINs.
A spokeswoman for the retailer made this confirmation, while saying that the PIN numbers should be “safe and secure” because hackers can not decrypt them without having the required keys. Since Target doesn’t store encrypted keys, they couldn’t have been stolen in the hack, which is why the retailer is certain that despite encrypted bank PINs being stolen there’s not much that the hackers will be able to do with them. Target’s independent payments processor has the necessary keys, and so far there haven’t been any reports of that payments processor being hit with a similar breach. Nevertheless, a major U.S. bank which spoke to Reuters is concerned that hackers will ultimately be able to crack the encryption, which would allow them to wreak havoc on associated bank accounts. Those who shopped at Target and paid through plastic should considering changing their PINs and keeping a close eye on their account activity.
Filed in . Read more about Target.