Target: Customers’ encrypted PINs were stolen

ATLANTA (AP) — Target said Friday that debit-card PIN numbers were among the financial information stolen from millions of customers who shopped at the retailer earlier this month.

The company said the stolen personal identification numbers, which customers type in to keypads to make secure transactions, were encrypted and that this strongly reduces risk to customers. In addition to the encrypted PINs, customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on back of the cards were stolen from about 40 million credit and debit cards used at Target between Nov. 27 and Dec. 15.

Security experts say it’s the second-largest theft of card accounts in U.S. history, surpassed only by a scam that began in 2005 involving retailer TJX Cos.

Target said it doesn’t have access to nor does it store the encryption key within its system, and the PIN information can only be decrypted when it is received by the retailer’s external, independent payment processor.

"We remain confident that PIN numbers are safe and secure," spokeswoman Molly Snyder said in an emailed statement Friday. "The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems."

The company maintains that the "key" necessary to decrypt that data never existed within Target’s system and could not have been taken during the hack.

However, Gartner security analyst Avivah Litan said Friday that the PINs for the affected cards are not safe and people "should change them at this point."

Minneapolis-based Target said it is still in the early stages of investigating the breach. It has been working with the Secret Service and the Department of Justice.

__

Ortutay contributed from San Francisco.

Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.