Target: Encrypted PIN Data Among Hacked Information

Following the theft of credit card and debit card data from as many as 40 million accounts first announced on Dec. 19, in addition to later reports that the stolen data included customer PIN numbers, Target (NYSE: TGT  ) confirmed today that "strongly encrypted PIN data was removed."

However, Target added in its statement that customer PIN data remains safe, due to the nature of the encryption. Triple DES encryption is derived from the 64-bit Data Encryption Standard (DES) algorithm, though it uses three 64-bit strings, for a total of 192 bits, to increase data security.

Accessing Target customers' stolen PIN numbers requires decrypting the data using a "key" which Target asserts could not have been hacked because:

Target does not have access to nor does it store the encryption key within our system. The PIN information is encrypted within Target's systems and can only be decrypted when it is received by our external, independent payment processor. What this means is that the "key” necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident.

Target added it is "still in the early stages of this criminal and forensic investigation." A recent press release also noted that Target is working with the Secret Service and U.S. Department of Justice, and will host a follow-up call on Jan. 6 with attorneys general from around the country.

Gartner security analyst Avivah Litan said Friday that the PINs for the affected cards are not safe and people "should change them at this point." Litan said that while she has no information about the encrypted PIN information in Target's case, such data has been decrypted before.

In addition to the encrypted PINs, customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on back of the cards were stolen from about 40 million credit and debit cards used at Target stores between Nov. 27 and Dec. 15.

-- Material from The Associated Press was used in this report.

link


Read/Post Comments (0) | Recommend This Article (0)

Comments from our Foolish Readers

Help us keep this a respectfully Foolish area! This is a place for our readers to discuss, debate, and learn more about the Foolish investing topic you read about above. Help us keep it clean and safe. If you believe a comment is abusive or otherwise violates our Fool's Rules, please report it via the Report this Comment Report this Comment icon found on every comment.

Be the first one to comment on this article.

Sponsored Links

Leaked: Apple's Next Smart Device
(Warning, it may shock you)
The secret is out... experts are predicting 458 million of these types of devices will be sold per year. 1 hyper-growth company stands to rake in maximum profit - and it's NOT Apple. Show me Apple's new smart gizmo!

DocumentId: 2777562, ~/Articles/ArticleHandler.aspx, 11/28/2014 7:27:03 PM

Report This Comment

Use this area to report a comment that you believe is in violation of the community guidelines. Our team will review the entry and take any appropriate action.

Sending report...


Advertisement