Target confirms encrypted PIN data stolen
Kevin McCoy, USA TODAY6:33 p.m. EST December 27, 2013
The third-largest U.S. retailer says its investigation of the massive data breach is continuing.
Hackers who stole data for up to 40 million credit cards and debit cards used in Target stores removed encrypted data with personal identification numbers — but the theft isn’t expected to compromise card holder accounts — the retail giant said Friday.
“We remain confident that PIN numbers are safe and secure,” said a statement issued by Molly Snyder, a spokeswoman for the company hit by the November-December data breach.
According to the company, Target does not have access to nor does it store the encryption key within its computer systems. When a Target customer uses a debit card in one of the company’s stores and enters his or her PIN, the number is encrypted at the keypad with a widely used security program known as Triple DES, the company said.
