Retail giant Target has confirmed that PIN data was stolen during the security breach, contrary to what the company said earlier in the month. However, Target insists that PIN numbers for debit card users are “safe and secure.”
Target’s security breach began on Nov. 27 - Black Friday, the busiest shopping day of the year - and continued through Dec. 15. The company said at first that PIN numbers were not stolen from customers who used their debit cards.
But in a statement today, Target said otherwise. According to CNN, spokeswoman Molly Snyder confirmed that the numbers were stolen, but are still “safe and secure” because they are “strongly encrypted.”
“The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems,” Snyder said.
Target said that PIN numbers are instantly scrambled and encrypted after a customer puts the number in. The numbers were still encrypted when the thieves stole the data. A third-party payment processor has a decryption key, which is needed in order to read the PIN number.
Today’s statement comes as the lawsuits are starting to trickle in. Fox News reports that Department of Justice is beginning its investigation and a dozen customers have filed federal lawsuits, claiming that Target was negligent with customer data.
image: Wikimedia Commons
