It Could Have Been Worse: Target Data Breach Didn’t Include PIN Numbers

The fallout from the massive holiday Target data breach persists, as the retailer works feverishly to sort out exactly what happened and what to do about it. The 40 million or so customers who used cards at Target between November 27th and December 15th and had their data accessed by cybercrooks still need to be wary of any fraudulent activity, but there’s at least a shred of good news: your PIN numbers are safe.

According to the most recent update from Target, PIN numbers are encrypted at the keypad with Triple DES, and the company can’t decrypt them because the keys don’t exist in Target’s system. Rather, a third-party external payment processor handles all of that data; thus, unless both Target and the payment processor were hacked, the PINs are safe.

Target's war room

So there’s that, at least.

Target has also noted that it’s working with state attorneys general, the U.S. Department of Justice, and the Secret Service on the breach. Hopefully justice will be served soon.
Via: Target
BrianWilliams 11 months ago

Pretty easy to change your PIN, just in case.

realneil 11 months ago

Catch them and throw away the key.

RLott 11 months ago

PIN numbers were in the hack; mine got cleaned out... Target is covering their ass or trying to.

scolaner 11 months ago

Really? Are you sure that it's just that you were advised to change it? And when did they tell you about it--this news was an update. I wonder if they told you about your PIN before they confirmed that the PINs were safe.

These are genuine questions--I'm not trying to challenge you here.

mike coyne 11 months ago

I heard and saw it on the news on TV. It is a big problem for all people. I hope Target will update everything or fix the problems.

MCook 11 months ago

That's not what I'm hearing, who is right here?

digitaldd 11 months ago

PIN numbers safe, but CVV codes were collected. Wait, if Target got PCI (Payment Card Industry) compliance certified, I believe they weren't supposed to collect those.

