Target: Encrypted PIN’s Taken During Security Breach
NEW YORK, N.Y. (WGGB) — Target confirms that encrypted PIN data was taken during a recent security breach, but they are “confident” that that information is “safe and secure.”
In a statement released Friday, Target explains that they have been able to confirm that the “strongly encrypted” data was removed during the breach, which compromised the credit and debit cards of about 40 million customers who made purchases in their U.S. stores from November 27 through December 15.
The company notes that the PIN information was “fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems.”
Target adds the “key” needed to decode – or decrypt – that information is not housed within their systems and as a result, could not have also been taken during the breach. They note that that PIN data can only be decoded when “it is received by our external, independent payment processor.”
“The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken,” the statement explains.
Target says that the investigation into the breach remains ongoing.
The Associated Press reports that more than a dozen customers have filed lawsuits against the retailer, with some alleging negligence.