Jump to content

Target now admits: Encrypted PIN numbers taken in recent credit card data theft


Recommended Posts


Target: Encrypted PIN numbers taken in recent credit card data theft


John Callaham  

December 28, 2013


Last week, retailer Target announced that 40 million credit and debit card numbers had been taken from its database. So far, the identities of the people behind the cyber attack are still unknown but today Target revealed the theft also involved the PIN numbers that were linked to those cards.




In theory, the thieves who took the PIN numbers could use them in combination with the credit card data to make withdrawals from customer bank accounts. However, Target's statement today claims that the numbers are "strongly encrypted", adding that the encryption key needed to unlock those PINs is part of an external and independent payment database.


Target said, "The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken."


The credit card data was taken from Target's servers between November 27th and December 15th. The Krebs on Security website, which first broke the story of the Target cyber attack, says that many of those credit card numbers are now being distributed in underground online shops frequented by hackers.


Target has said it plans to offer free credit monitoring to the customers that have been affected by this incident but details have not been announced.


Source: Target | Credit card encrypt image via Shutterstock

via SOURCE: http://www.neowin.net/news/target-encrypted-pin-numbers-taken-in-recent-credit-card-data-theft





Link to post
Share on other sites

Yep, I saw that the other day.


Their brand reputation has taken a SERIOUS hit.

Of course, the same lax security is probably rampant throughout the retail megalopolis.

They were just the unlucky ones, I suppose.




It's more than enough to justify the nasty stares and snarky comments of other shoppers in line at the checkout to pay "the old fashioned way" with a paper check or even cash.



Link to post
Share on other sites

Its getting worst....

Breach goes from bad to worse for Target and its customers

Company now says data on up to 110 million customers exposed -- up from 40 million -- and that hackers accessed more data than previously thought

Target's acknowledgement Friday that personal data of 110 million people, not 40 million as previously thought, may have been exposed to hackers in a recent data breach raises new questions about the incident and how it could affect victims.

Target today said that an ongoing investigation of the data breach has revealed that "guest information" such as names, mailing addresses, phone numbers, and email addresses of customers may have been accessed by the same thieves who hacked into its systems last month.

Much of the exposed data is "partial in nature," the company said in a statement this morning. In cases where a customer email address is available, Target said it would attempt to contact affected individuals.

"We know that it is frustrating for our guests to learn that this information was taken and we are sorry they are having to endure this," said Target chairman and CEO Gregg Steinhafel in the statement.

Target in mid-December revealed that hackers had broke into its systems between Nov. 27 and Dec. 15 and accessed data on up to 40 million debit and credit cards. At the time, Target said that hackers gained access to cardholder names, credit or debit card numbers, card expiration dates and CVV security codes.

Target now says that its subsequent investigation found that data from 30 million more people was exposed. "This theft is not a new breach, but was uncovered as part of the ongoing investigation," the company said.

The update shows that the breach exposed data on about one third of the adult population of the United States, noted James Huguelet, and independent security consultant who specializes in retail security. "It now implies that consumers who shopped at Target outside of the approximately one month the breach was active have now become potentially affected by this breach," he said. Target's statement suggests that in some cases, only an individual's e-mail address might have been compromised, while in others, the mailing address might have been exposed. Huguelet said the "partial" exposure implies "that multiple systems containing different types of information were compromised [though] that's purely speculative at this point."

Hackers using the stolen information can now target victims with highly sophisticated spear-phishing attacks Huguelet warned.

"I can see a criminal being able to create a very effective attack with each e-mail sent having been customized to include the target's name, address, and phone number. This could very well lead to a massive wave of identity theft across the United States," he said.

Huguelet suggested that all Target customers accept the retailer's offer to provide free credit monitoring, though he added, "I'm surprised that Target is not making this available immediately." Attacks could already be underway and the credit monitoring may come too late for some victims, he said.

Read Full Story by clicking on CW Logo Below....


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.