Target says PINs stolen, but confident data secure
By Jim Finkle and Dhanya Skariachan
BOSTON/NEW YORK (Reuters) - Target Corp said PIN data of some customers' bank ATM cards were stolen in a massive cyber attack at the third-largest U.S. retailer, but it was confident that the information was "safe and secure."
The stolen PIN data was "strongly encrypted" when it was removed from Target's systems, spokeswoman Molly Snyder said in a statement on Friday.
"The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken," Snyder said.
News of the PIN theft was first reported by Reuters on Tuesday.
Target uses the Triple DES encryption standard that can only be unlocked with a digital cryptographic "key" when the PIN data is received by the company's outside payment processor, she noted.
Target has declined to identify its payment processor.
"The 'key' necessary to decrypt that data has never existed within Target's system and could not have been taken during this incident," Snyder said.
Some security experts said that even if the encryption is not broken, cyber criminals can still break the PINs. Continued...