PINs Stolen in Target Security Breach
Target Corp. is facing further scrutiny following an announcement made by the retail giant in which it confirmed that customers’ encrypted Personal Identification Numbers were also acquired by thieves during a nationwide data breach.
Personal Identification Numbers Compromised
Target announced Friday that PINs were part of the information that was compromised during the cyber heist of 40 million customers’ credit and debit card data.
According to the L.A. Times, Target claims that the PINs are encrypted as customers enter them through a program called Triple DES encryption.
The retailer claims the data remained encrypted upon being acquired by the data thieves and that a ‘key’ which did not exist within Target’s system is required to decrypt the information.
Experts, however, maintain that while it would be very difficult for the hackers to break or bypass the encryption, it is not impossible.
About the Target Data Breach
- Target announced December 15 that the credit and debit card information of 40 million customers had been stolen during a hack that began on November 27.
- Prior to Friday’s announcement, Target had stated that the thieves had only acquired card numbers, customer names and data from the magnetic strip on the back of the card – not PINs or SECs.
- Since December 15, it has also been revealed that the stolen account information is being sold on the black market through underground websites.
- The retailer stated last week that the U.S. Department of Justice has joined the investigation though the agency has not yet issued a statement confirming their involvement.
Contact an Experienced Consumer Protection Attorney
Thomas J. Henry are leaders in the area of consumer protection litigation. Our attorneys have the knowledge and resources to represent clients efficiently and aggressively. If your personal information was compromised as the result of the Target data breach, contact Thomas J. Henry immediately. We are available 24/7, nights and weekends.