Friendly forums for passionate Dems!
More than 91 million posts since 2001
Home Latest Greatest Videos Forums Hide ads Join up!
Home Latest Greatest
Videos Forums Help
Hide ads Join up!
Latest Discussions»Latest Breaking News»Target Denies That Custom...
Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Latest Breaking News

Related: General Discussion, Editorials & Other Articles

Omaha Steve

(99,669 posts) Wed Dec 25, 2013, 01:25 PM Dec 2013

Target Denies That Customer PIN Data Stolen During Huge Security Breach

Source: ABC News

By AARON KATERSKY

This is no holiday at the corporate offices of Target Corp., which is still trying to contain the damage from a far-reaching data breach.

Target, based in Minneapolis, Minn., says it is working "around the clock" to address the concerns of its customers, 40 million of whom had their credit and debit card information exposed when hackers breached the retailers systems between Nov. 27 and Dec. 15. Though Target said the manner of the theft is still under investigation, some experts say malware infected the swipe machines at store registers and likely traveled into Target's payment processor.

In addition to names, account numbers and expiration dates, cybersecurity experts fear the hackers were able to steal encrypted PIN data, thought Target denies it.

"To date, there is no evidence that unencrypted PIN data has been compromised," Target said in a statement. "In addition, based on our communications with financial institutions, they have also seen no indications that any PIN data was compromised."

FULL story and video at link.


Read more: http://abcnews.go.com/Business/target-denies-pin-numbers-stolen-huge-security-breach/story?id=21334389

InfoView thread info, including edit history TrashPut this thread in your Trash Can (My DU » Trash Can) BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks) 9 replies, 1592 views
ShareGet links to this post and/or share on social media AlertAlert this post for a rule violation PowersThere are no powers you can use on this post EditCannot edit other people's posts ReplyReply to this post EditCannot edit other people's posts Rec (4) ReplyReply to this post
9 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Target Denies That Customer PIN Data Stolen During Huge Security Breach (Original Post) Omaha Steve Dec 2013 OP
They make their workers pee in a cup for a secure work environment bucolic_frolic Dec 2013 #1
Speak it Tell It!! LovingA2andMI Dec 2013 #7
I think it's more than just potential bucolic_frolic Dec 2013 #8
"there is no evidence that unencrypted PIN data has been compromised" DJ13 Dec 2013 #2
It's weasel words. Lasher Dec 2013 #5
Reuters: Target hackers stole encrypted bank PINs - source Eugene Dec 2013 #3
The root problem is the antiquated magnetic strip on the credit card. RC Dec 2013 #4
It's a bit more complicated... reACTIONary Dec 2013 #6
I'm glad I didn't.. sendero Dec 2013 #9

bucolic_frolic

(43,206 posts)
1. They make their workers pee in a cup for a secure work environment
Reply to Omaha Steve (Original post)
Wed Dec 25, 2013, 01:42 PM
Dec 2013

but they can't keep customer credit card data safe!!

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

LovingA2andMI

(7,006 posts)
7. Speak it Tell It!!
Reply to bucolic_frolic (Reply #1)
Wed Dec 25, 2013, 11:05 PM
Dec 2013

Bucolic_Frolic! Yes, because making potential front-line employees pee in a cup is really going to make these wonderful Corporations "More Secure".

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

bucolic_frolic

(43,206 posts)
8. I think it's more than just potential
Reply to LovingA2andMI (Reply #7)
Thu Dec 26, 2013, 08:04 AM
Dec 2013

it's random, applied to everyone at any time, not just pre-employment

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

DJ13

(23,671 posts)
2. "there is no evidence that unencrypted PIN data has been compromised"
Reply to Omaha Steve (Original post)
Wed Dec 25, 2013, 01:53 PM
Dec 2013

Wait, so they admit pin data was "unencrypted"?!

Oh boy, that was a dumb statement.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

Lasher

(27,605 posts)
5. It's weasel words.
Reply to DJ13 (Reply #2)
Wed Dec 25, 2013, 03:25 PM
Dec 2013

The compromised PINs were encrypted, so they are correct in saying no unencrypted PINs were stolen. They would be incorrect to say no PINs were stolen, as they would be if they were to claim that it's impossible for the encrypted PINs to be decrypted.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

Eugene

(61,914 posts)
3. Reuters: Target hackers stole encrypted bank PINs - source
Reply to Omaha Steve (Original post)
Wed Dec 25, 2013, 01:54 PM
Dec 2013

Source: Reuters

Exclusive: Target hackers stole encrypted bank PINs - source

BY JIM FINKLE AND DAVID HENRY
BOSTON/NEW YORK Wed Dec 25, 2013 12:44am EST

(Reuters) - The hackers who attacked Target Corp and compromised up to 40 million credit cards and debit cards also managed to steal encrypted personal identification numbers (PINs), according to a senior payments executive familiar with the situation.

One major U.S. bank fears that the thieves would be able to crack the encryption code and make fraudulent withdrawals from consumer bank accounts, said the executive, who spoke on the condition of anonymity because the data breach is still under investigation.

[font size=1]-snip-[/font]


Read more: http://www.reuters.com/article/2013/12/25/us-target-databreach-idUSBRE9BN0L220131225
TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post
 

RC

(25,592 posts)
4. The root problem is the antiquated magnetic strip on the credit card.
Reply to Omaha Steve (Original post)
Wed Dec 25, 2013, 03:17 PM
Dec 2013

Most other countries have long gone to a more secure chip imbedded in the card.
This hack job could have just as easily been K-Mart or Wal-Mart, or Kohls, or Dillards, or Bloomingdale's, or any number of large department stores.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

reACTIONary

(5,770 posts)
6. It's a bit more complicated...
Reply to RC (Reply #4)
Wed Dec 25, 2013, 08:39 PM
Dec 2013

...Target stores the credit card information for use in processing returns. If you return an item, they scan the receipt and the refund goes right back onto your card, without you having to present the card. This database would be collected and would present a vulnerability regardless of whether the information came from a smart card or a mag card. The mag card is not the vulnerability.

Magnetic strip cards are easier to counterfeit than are the smart cards - this makes information stolen from magnetic cards more valuable - not more vulnerable. Since magnetic cards aren't used as much outside of America, hackers focus on American databases because they know most of the cards can be duped onto cheep magnetic card counterfeits.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

sendero

(28,552 posts)
9. I'm glad I didn't..
Reply to Omaha Steve (Original post)
Thu Dec 26, 2013, 09:52 AM
Dec 2013

... shop at Target during the hack period. If they got encrypted PINs, it would be pure folly to think it will be that difficult for them to break the encryption.

The fact that banks "haven't seen any evidence" is scant comfort also, these people are not stupid they know there is a concerted effort to find them, they are not going to start using this data immediately.

Target can minimize all they want, this is a big deal and the problem will persist for years.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post
Reply to this discussion
Latest Discussions»Latest Breaking News»Target Denies That Custom...
Home | Latest Discussions | Greatest Discussions | Latest Videos | All Forums

About | Copyright | Privacy | Terms of service | Contact

In Memoriam

© 2001 - 2024 Democratic Underground, LLC. Thank you for visiting.