Reuters: Target hackers got encrypted bank PINs as well

Target Hackers Encrypted PIN Data

The hackers who managed to steal data for up to 40 million credit cards used in Target stores on Black Friday and in following weeks have reportedly accessed the associated encrypted personal identification numbers (PINs) as well, which could be cracked and used to make fraudulent withdrawals. Reuters revealed the news in a recent report, which cited “a senior payments executive familiar with the situation.” However, Target says that unencrypted PINs were not accessed during the “sophisticated” digital heist and that there was no evidence that PINs were compromised, even if encrypted data that may have or may have not contained encrypted PINs was stolen.

“We continue to have no reason to believe that PIN data, whether encrypted or unencrypted, was compromised. And we have not been made aware of any such issue in communications with financial institutions to date,” Target spokeswoman Molly Snyder said by email. “We are very early in an ongoing forensic and criminal investigation.”

Meanwhile, two banks have taken measures to reduce the risk of hackers accessing the accounts of customers. JPMorgan Chase and Santander Bank lowered ATM withdrawal limits and put a cap on the amount of money that can be spent at stores. Furthermore, JPMorgan was able to issue replacement debit cards for some of its customers.

The worry is that the hackers will be able to bypass PINs encryption and replicate credit and debit cards using the other card-related data stolen from Target. Soon after Target confirmed the data breach, it was discovered that stolen cards were already trading in the underground black markets in batches of one million, with prices going from $20 to $100 per card. Additionally, FOX News has learned that Target is also warning customers that they may be targeted by phishing emails following the digital attack.

Source:
Reuters, FOX News
blog comments powered by Disqus