Jump to content
aelius

Target Confirms Encrypted PIN Data Was Stolen in Security Breach

Recommended Posts

Posted

Following the recent disclosure of a massive data breach that affected nearly 40 million customers, retail giant Target has now confirmed that encrypted PIN data from card transactions was accessed by hackers.

Target, which on Dec. 23 confirmed it was working with the United States Secret Service and the Department of Justice to investigate to investigate the incident, has reversed earlier statements that PIN numbers had not been compromised in the breach.

“While we previously shared that encrypted data was obtained, this morning through additional forensics work we were able to confirm that strongly encrypted PIN data was removed,” a Target spokesperson told SecurityWeek on Friday in an emailed statement.

While encrypted PIN numbers may have been accessed by attackers, Target is confident that because the information was fully encrypted, customers should not panic.

“We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems,” the statement continued.

According to the retail giant, when a customer uses a debit card in a Target store and enters a PIN, the PIN is encrypted at the keypad using the popular Triple DES encryption standard.

Target said it does store the encryption key in its system, and that it does not have access to the encryption key used to store PIN data.

“The PIN information is encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor,” the company explained.

“What this means is that the ‘key’ necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident.”

According to Target, debit card accounts have not been compromised due to the encrypted PIN numbers being taken.

Source: Target Confirms Encrypted PIN Data Was Stolen in Security Breach | SecurityWeek.Com

Related article: Experts Debate How Hackers Stole 40 Million Card Numbers from Target | SecurityWeek.Com

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...