TARGET BREACH: Encrypted PIN data stolen too? - KMSP-TV

TARGET BREACH: Encrypted PIN data stolen too?

Posted: Updated:
  • TARGET BREACH: Encrypted PIN data stolen too?More>>

  • Target confirms debit card PIN data stolen, but 'safe'

    Target confirms debit card PIN data stolen

    Friday, December 27 2013 3:38 PM EST2013-12-27 20:38:47 GMT
    Target confirmed Friday that encrypted debit card PIN data was stolen in the Nov. 27 through Dec. 15 credit and debit card breach, but the company is "confident that PIN numbers are safe and secure."
    Target confirmed Friday that encrypted debit card PIN data was stolen in the Nov. 27 through Dec. 15 credit and debit card breach, but the company is "confident that PIN numbers are safe and secure."
MINNEAPOLIS (KMSP) -

The massive data breach that hit Target last week may have grown in scope with the revelation that those responsible may have also stolen encrypted PIN numbers from their victims.

One payment executive at Target told Reuters Thursday that, in addition to the millions of compromised credit and debit card numbers, PIN number data -- although encrypted -- was also swiped.

"Target, at this point, may or may not understand the information that truly has been compromised," Mark Lanterman, CEO and chief technical officer of Computer Forensic Services, commented.

Already, at least one bank has admitted it is concerned the thieves could crack the code and make fraudulent withdrawals from its customer's accounts. That's why many banks are now urging customers to take even greater steps to protect themselves.

Target did confirm some encrypted data was stolen, but the company has not offered any details. Yet, whether or not the nation's third largest retailer knows or just isn't saying, Lanterman said he would not be surprised if the PIN numbers are also compromised.

"Even though I'm not personally involved in this investigation, I knew -- just from the use of the term 'track data' that PIN numbers were likely compromised," he said.

The sort of data that was affected is found on the magnetic strip on the back of most credit cards, and security blogger Brian Krebs, who first broke the story of the breach, said the data is already flooding the black market, fetching upwards of $100 per card.

"Think of the hackers as farmers. What they've done is they have collected their crop and now they're going to take it to market," Lanterman said.

The retail breach is already being hailed as the second-largest in U.S. history, with as many as 40 million credit and debit card users who shopped in stores between Nov. 27 and Dec. 15 affected by the theft. Yet, Target responded to the Reuters report by saying they have "no reason to believe that PIN data, whether encrypted or unencrypted, was compromised."

Regardless of whether PIN data was compromised or not, cyber security experts like Lanterman say this breach should serve as a wake-up call for both the industry and consumers alike.

"We've reached the point where the value of this information to the criminal element is so high that they will put a huge amount of time and effort and technology into getting the information," Alan Brill, computer security expert, said. "Until we make the transition to a more secure system, this is likely to continue to happen."

Until now, Target and card-issuing banks have urged customers to monitor their statements for suspicious activity; however, Lanterman cautions the only way to ensure affected customers won't be victimized further is to get a replacement card with a new number.

"Consumers need to take responsibility for their own security," he recommended. "If you have used a card at Target during this period of time, cancel it."

The investigation into the data breach remains ongoing. Both the U.S. Secret Service and the Department of Justice are involved.

Powered by WorldNow

KMSP-TV
11358 Viking Drive
Eden Prairie, MN 55344

Phone: (952) 944-9999
Fax: (952) 942-0455

Didn't find what you were looking for?
All content © Copyright 2000 - 2014 Fox Television Stations, Inc. and Worldnow. All Rights Reserved.
Privacy Policy | Terms of Service | Ad Choices