Target Denies That Customer PIN Data Stolen During Huge Security Breach
Source: ABC News
By AARON KATERSKY
This is no holiday at the corporate offices of Target Corp., which is still trying to contain the damage from a far-reaching data breach.
Target, based in Minneapolis, Minn., says it is working "around the clock" to address the concerns of its customers, 40 million of whom had their credit and debit card information exposed when hackers breached the retailers systems between Nov. 27 and Dec. 15. Though Target said the manner of the theft is still under investigation, some experts say malware infected the swipe machines at store registers and likely traveled into Target's payment processor.
In addition to names, account numbers and expiration dates, cybersecurity experts fear the hackers were able to steal encrypted PIN data, thought Target denies it.
"To date, there is no evidence that unencrypted PIN data has been compromised," Target said in a statement. "In addition, based on our communications with financial institutions, they have also seen no indications that any PIN data was compromised."
FULL story and video at link.
Read more: http://abcnews.go.com/Business/target-denies-pin-numbers-stolen-huge-security-breach/story?id=21334389
bucolic_frolic
(43,206 posts)but they can't keep customer credit card data safe!!
LovingA2andMI
(7,006 posts)Bucolic_Frolic! Yes, because making potential front-line employees pee in a cup is really going to make these wonderful Corporations "More Secure".
bucolic_frolic
(43,206 posts)it's random, applied to everyone at any time, not just pre-employment
DJ13
(23,671 posts)Wait, so they admit pin data was "unencrypted"?!
Oh boy, that was a dumb statement.
Lasher
(27,605 posts)The compromised PINs were encrypted, so they are correct in saying no unencrypted PINs were stolen. They would be incorrect to say no PINs were stolen, as they would be if they were to claim that it's impossible for the encrypted PINs to be decrypted.
Eugene
(61,914 posts)Source: Reuters
BY JIM FINKLE AND DAVID HENRY
BOSTON/NEW YORK Wed Dec 25, 2013 12:44am EST
(Reuters) - The hackers who attacked Target Corp and compromised up to 40 million credit cards and debit cards also managed to steal encrypted personal identification numbers (PINs), according to a senior payments executive familiar with the situation.
One major U.S. bank fears that the thieves would be able to crack the encryption code and make fraudulent withdrawals from consumer bank accounts, said the executive, who spoke on the condition of anonymity because the data breach is still under investigation.
[font size=1]-snip-[/font]
Read more: http://www.reuters.com/article/2013/12/25/us-target-databreach-idUSBRE9BN0L220131225
RC
(25,592 posts)Most other countries have long gone to a more secure chip imbedded in the card.
This hack job could have just as easily been K-Mart or Wal-Mart, or Kohls, or Dillards, or Bloomingdale's, or any number of large department stores.
reACTIONary
(5,770 posts)...Target stores the credit card information for use in processing returns. If you return an item, they scan the receipt and the refund goes right back onto your card, without you having to present the card. This database would be collected and would present a vulnerability regardless of whether the information came from a smart card or a mag card. The mag card is not the vulnerability.
Magnetic strip cards are easier to counterfeit than are the smart cards - this makes information stolen from magnetic cards more valuable - not more vulnerable. Since magnetic cards aren't used as much outside of America, hackers focus on American databases because they know most of the cards can be duped onto cheep magnetic card counterfeits.
sendero
(28,552 posts)... shop at Target during the hack period. If they got encrypted PINs, it would be pure folly to think it will be that difficult for them to break the encryption.
The fact that banks "haven't seen any evidence" is scant comfort also, these people are not stupid they know there is a concerted effort to find them, they are not going to start using this data immediately.
Target can minimize all they want, this is a big deal and the problem will persist for years.