Target: Customer PIN Data Is Encrypted
Despite the massive theft of credit and debit card account information on Target customers, the retailer emphasizes that critical information is still encrypted.U.S. retail giant Target is still reeling from the impact of a massive data breach affecting 40 million credit and debit card accounts, though the company is now emphasizing that things are not quite as bad as some might think. Target publicly acknowledged on Dec. 19 that its U.S. retail stores had been the victim of a data breach. In the days since, few details on the actual method used by attackers to exploit Target have been officially disclosed, though Target has provided new insight into some of its own security practices. The Target hack targeted point-of-sale payment systems, including those used by retail consumers to enter their debit card PIN. In order for anyone to use a debit card, a PIN number is required, making the security of the PIN information an extremely critical component of any retailers' infrastructure. In a public media update published Dec. 27, Target stressed that its customers' PIN information was strongly encrypted using the Triple Data Encryption Standard (DES).
"The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems," Target stated.