Ouch: Target Confirms Encrypted PIN Codes Were Stolen in Data Theft


Target (NYSE:TGT) had more data security updates to share Friday, but unfortunately, its news wasn’t all that rosy. The Minneapolis, Minnesota-based retailer confirmed in a blog post that PIN codes used to secure ATM cards were indeed stolen as part of the massive data breach that involved 40 million cards used at Target stores during a three-week period.

In its admission, Target maintained that the stolen PIN information was “strongly encrypted” when it was removed, and asserted that, “We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems.”

Target was careful to explain the convoluted encryption process that a thief would have to go through to access consumers’ bank account information, explaining that, “Target does not have access to nor does it store the encryption key within our system. The PIN information is encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor.” However, despite its fervent assertions, Target customers are still expected to foster heightened concern over the security of their information, and they may be less likely to visit Target stores in the future, further damaging the company in the wake of the second largest security breach suffered by a U.S. retailer.