Huffpost Business

Target Confirms Encrypted PIN Data Was Stolen In Data Breach

Posted: Updated:
TARGET
A customer pushes a cart outside of a Target store, Thursday, Dec. 26, 2013, in Jersey City, N.J. Earlier, U.S. Sen. Robert Menendez, a member of the Senate banking committee, held a news conference outside of the store. Menendez is laying out efforts to protect consumers' personal information, in light news that information from 40 million Target customers were stolen. (AP Photo/Julio Cortez) | ASSOCIATED PRESS

Target confirmed Friday that encrypted PIN data was stolen during the massive data breach that affected an estimated 40 million accounts. Though the PIN data was taken, Target representatives wrote in an e-mail to reporters that they believe PIN numbers are still safe and secure.

While we previously shared that encrypted data was obtained, this morning through additional forensics work we were able to confirm that strongly encrypted PIN data was removed. We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems.

The e-mail goes on to explain that because Target's system doesn't store the information necessary to de-crypt, or reveal, customers' PIN numbers shoppers' "debit card accounts have not been compromised due to the encrypted PIN numbers being taken."

Earlier this week, a senior payment executive who asked to remain anonymous told Reuters that the hackers who compromised Target's system had taken PIN data. At the time Target spokeswoman Molly Snyder told Reuters, "We continue to have no reason to believe that PIN data, whether encrypted or unencrypted, was compromised."

The Justice Department is investigating the data breach, which is believed to be the second largest of its kind in U.S. history. The largest affected 47.5 million accounts after T.J. Maxx's data system was compromised in the mid-2000s.

Despite offering a 10 percent discount the weekend after the breach was announced, Target suffered a drop in store traffic during that period, which was the last weekend before Christmas -- typically a hugely profitable time for retailers.

Also on HuffPost:

Close
Epic Product Fails
of
Share
Tweet
Advertisement
Share this
close
Current Slide

Suggest a correction

Around the Web

Target challenges report that hackers stole PINs in data breach

Target Denies Data Breach Included Stolen PINs

Target hackers stole encrypted bank PINs: Source

Target denies bank PINs stolen

Target Denies Report That PINs Were Stolen In Data Breach

Report:Target hackers stole encrypted bank PINs

Target: No PIN numbers were stolen in massive identity theft