Reports of Stolen PINs Add to Target’s Security Headache

Source: Kevin Dooley / Flickr

The Christmas holiday is over, but Target (NYSE:TGT) is far from finished navigating its security breach drama. After already suffering struggling sales in what is considered the most lucrative time of the year for retailers, a major blow came to the Minneapolis, Minnesota-based retailer last week when it discovered that hackers stole data from as many as 40 million cards used at Target stores during the first three weeks of the holiday shopping season. Target has now offered free credit monitoring to consumers, promised those affected they wouldn’t be responsible for fraudulent charges, and has extended discounts. But what’s done is done, and now some are even saying that Target hackers have their hands on encrypted bank PINs, only adding to the widespread alarm.

According to Reuters, a senior payments executive familiar with the situation told reporters Tuesday that the hackers who attacked Target also managed to steal encrypted personal identification numbers. This would be problematic for consumers because having access to the codes gives thieves the ability to make fraudulent withdrawals from consumer bank accounts, further exasperating the mess already created by the security breach.

However, a Target spokesperson denied reports of PIN theft and said in a statement that same day, “To date, there is no evidence that unencrypted PIN data has been compromised. In addition, based on our communications with financial institutions, they have also seen no indications that any PIN data was compromised. Our priority continues to be the security of our guests and we are working around the clock to address this issue.”