12/27/2013 12:23 pm ET Updated Dec 27, 2013

Target Confirms Encrypted PIN Data Was Stolen In Data Breach


Target confirmed Friday that encrypted PIN data was stolen during the massive data breach that affected an estimated 40 million accounts. Though the PIN data was taken, Target representatives wrote in an e-mail to reporters that they believe PIN numbers are still safe and secure.

While we previously shared that encrypted data was obtained, this morning through additional forensics work we were able to confirm that strongly encrypted PIN data was removed. We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems.

The e-mail goes on to explain that because Target's system doesn't store the information necessary to de-crypt, or reveal, customers' PIN numbers shoppers' "debit card accounts have not been compromised due to the encrypted PIN numbers being taken."

Earlier this week, a senior payment executive who asked to remain anonymous told Reuters that the hackers who compromised Target's system had taken PIN data. At the time Target spokeswoman Molly Snyder told Reuters, "We continue to have no reason to believe that PIN data, whether encrypted or unencrypted, was compromised."

The Justice Department is investigating the data breach, which is believed to be the second largest of its kind in U.S. history. The largest affected 47.5 million accounts after T.J. Maxx's data system was compromised in the mid-2000s.

Despite offering a 10 percent discount the weekend after the breach was announced, Target suffered a drop in store traffic during that period, which was the last weekend before Christmas -- typically a hugely profitable time for retailers.



Epic Product Fails