Target challenges report that hackers stole PINs in data breach
Target maintains that shoppers’ personal identification numbers (PINs) are safe following a data breach that affected more than 40 million customer credit and debit cards.
But one report says otherwise.
On Wed., Reuters cited an anonymous payments executive “familiar with the situation” who claimed that the Target hackers also managed to steal encrypted PINs. At least one major bank is concerned the thieves could crack the encryption code, said the executive.
If the Target hackers have access to customer PINs alongside their credit or debit card information, they could hypothetically make fraudulent withdrawals from victims’ bank accounts.
Target denies the validity of the report.
“To date, there is no evidence that unencrypted PIN data has been compromised,” the American retailer said in a statement. “In addition, based on our communications with financial institutions, they have also seen no indications that any PIN data was compromised.”
The Secret Service and the U.S. Department of Justice are investigating the Target breach. The retailer has yet to provide information about how hackers accessed its customer data, though it described their tactics as “sophisticated.”
The company is offering free credit monitoring to affected customers, but it’s still facing class-action lawsuits for failing to follow reasonable security procedures and safeguard customer information. It could also face major fines from credit card vendors down the line.
In response to the Target hack, JPMorganChase and Santander Bank said they’ve lowered the limits on the amount of cash people can remove from their ATMs.
If you shopped at a U.S. Target store between Nov. 27 and Dec. 15, it would be prudent to proactively cancel your credit card and change your PIN. The thieves are reportedly unloading millions of card numbers on underground markets.
VentureBeat has reached out to Target for more information.Related articlesTarget breach: Millions of credit cards hit black markets (report)Target confirms massive data breach affecting 40M credit and debit cards