Click to Skip Ad
Closing in...

Target: Yes, hackers got encrypted PINs along with stolen cards

Published Dec 27th, 2013 2:15PM EST
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Target on Friday confirmed that hackers managed to steal encrypted data including encrypted PINs, as reported by Reuters earlier this week, but added that the PIN numbers are still safe and hackers shouldn’t be able to use the information to compromise debit cards. According to the retailer, the PIN information is encrypted at the keypad and it remains encrypted within the system until it is decrypted only by the external payment processing company. The PINs were encrypted with Triple DES, “a highly secure encryption standard used broadly throughout the U.S.” 

“Target does not have access to nor does it store the encryption key within our system. The PIN information is encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor,” the company wrote. “What this means is that the ‘key’ necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident.”

Even though Target is trying to reassure its customers that their information is still safe, some banks have already started to issue replacement cards while also lowering limits for existing cards. Meanwhile, stolen credit card data has already been seen trading on the black market, and some phishing attempts targeting potential Target victims have been reported.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.