After confirming that hackers made off with sensitive data belonging to some 40 million customers, Target has revealed that encrypted PIN details were swiped in the attack too. Some of the details, including credit card numbers and expiry information, have already begun surfacing online.
Despite the vulnerability, Target claims that PIN data stolen in the attack remains safe. "The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems,” Target said of the Triple DES encryption it uses. Payment information associated with cards used in-store can only be decrypted by the independent entity that processes payments, meaning that the decryption keys needed to access PIN numbers could not have been accessed in the attack.
"The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken," Target insisted in a statement, adding that it's working with authorities to track down those responsible for the breach.
[via The Verge]