It Could Have Been Worse: Target Data Breach Didn’t Include PIN Numbers

The fallout from the massive holiday Target data breach persists, as the retailer works feverishly to sort out exactly what happened and what to do about it. The 40 million or so customers who used cards at Target between November 27th and December 15th and had their data accessed by cybercrooks still need to be wary of any fraudulent activity, but there’s at least a shred of good news: your PIN numbers are safe.

According to the most recent update from Target, PIN numbers are encrypted at the keypad with Triple DES encryption, and the company can’t decrypt them because the keys don’t exist in Target’s system. Rather, a third-party external payment processor handles all of that data; thus, unless both Target and the payment processor were both hacked, the PINs are safe.

Target data breach war room
Target's war room

So there’s that, at least.

Target has also noted that it’s working with state attorneys general, the U.S. Department of Justice, and the Secret Service on the breach. Hopefully justice will be served soon.