Target has publicly confirmed that the encrypted debit card PIN information of customers was, in fact, stolen during the company’s very public security breach this past month. The break-in previously was thought to be limited to only the secure information on the magnetic strips of customer cards used in Target locations, but now includes the theft of PIN data as well.
The company has openly admitted that card numbers, expiration dates, and security codes were taken in the breach, which now puts at risk nearly 40 million customers.
That data has reportedly begun to hit the black market for those nefarious enough to pursue its purchase, which has put banks across the nation on extremely high alert for fraudulent account activity. However, Target says it retains its confidence in its Triple DES encryption system, which is designed to keep customer’s precious identification numbers “safe and secure.”
“The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems,” the company said in a statement.
When you make a debit purchase at one of Target’s locations, your card data is “encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor,” the retailer claims.
“What this means is that the ‘key’ necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident. The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken.”
But at this point, the situation seems anything but safe and secure.
Target has reaffirmed that it’s working with the Department of Justice and the US Secret Service to find those responsible for the theft, and bring them to, well, justice.