IBJNews

Target says customers' encrypted PINs were stolen


Target said Friday that debit-card PINs were among the financial information stolen from millions of customers who shopped at the retailer earlier this month.

The company said the stolen personal identification numbers, which customers type into keypads to make secure transactions, were encrypted and that this strongly reduces risk to customers. In addition to the encrypted PINs, customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on the back of the cards were stolen from about 40 million credit and debit cards used at Target stores between Nov. 27 and Dec. 15.

Security experts say it's the second-largest theft of card accounts in U.S. history, surpassed only by a scam that began in 2005 involving retailer TJX Cos.

Target said it neither has access to nor stores the encryption key within its system, and the PIN information can only be decrypted when it is received by the retailer's external, independent payment processor.

"We remain confident that PIN numbers are safe and secure," spokeswoman Molly Snyder said in an emailed statement Friday. "The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems." The company maintains that the "key" necessary to decrypt that data never existed within Target's system and could not have been taken during the hack.

However, Gartner security analyst Avivah Litan said Friday that the PINs for the affected cards are not safe and people "should change them at this point."

Litan said that while she has no information about the encrypted PIN information in Target's case, such data has been decrypted before, in particular in the 2005 TJX Cos. hacking case that's believed to be the largest case of identity theft in U.S. history.

In 2009, computer hacker Albert Gonzalez pleaded guilty to conspiracy, wire fraud and other charges after masterminding debit and credit card breaches in 2005 that targeted companies such as T.J. Maxx, Barnes & Noble and OfficeMax. Gonzalez's group was able to decrypt encrypted data. Litan said changes have been made since then to make decrypting more difficult but "nothing is infallible."

"It's not impossible, not unprecedented (and) has been done before," she said.

Besides changing your PIN, Litan says shoppers should opt to use their signature to approve transactions instead because it is safer.

Still, she said Target did "as much as could be reasonably expected" in this case. "It's a leaky system to begin with," she said.

Credit card companies in the U.S. plan to replace magnetic strips with digital chips by the fall of 2015, a system already common in Europe and other countries that makes data theft more difficult.

Minneapolis-based Target Corp. said it is still in the early stages of investigating the breach. It has been working with the Secret Service and the Department of Justice.
