Target’s Hacking Woes Get Worse as Retailer Admits PIN Data Also Stolen

Retail giant Target’s headache over the massive theft of as many as 40 million credit and debit cards continue to grow. The retailer is now admitting that thieves not only lifted the Target RedCard numbers, but also the PIN numbers essential for making transactions. In prior statements, the merchant affirmed that PIN data was not part of the data stolen by hackers. Now, the company has reversed itself and said that the PIN information was stolen but is “safe” due to the fact that it is natively stored using heavy encryption.

Those words may not come across as reassuring from the company who thieves were able to hack for the second largest identity theft in US history. Now, Target is saying that the PIN data is useless without the decryption key and they are affirming the decryption keys were not stolen. The company stated that they use a type of encryption algorithm called “Triple DES” which is supposedly difficult or impossible to crack. Hopefully, it will be more difficult to crack the encryption process than it was for thieves to steal 40 million RedCard account numbers. Should the thieves crack the PIN codes, they will be able to use the RedCard debit cards at ATM machines for cash withdraws.

On The Web:
Target Admits PIN Data Also Stolen
http://money.cnn.com/2013/12/27/technology/target-pin/index.html