Target Corp attackers also stole encrypted PINs: Report

28 Dec 2013

1

The hackers who attacked Target Corp and compromised around 40 million credit cards and debit cards also stole encrypted personal identification numbers (PINs), Reuters said in an exclusive report, citing a senior payments executive familiar with the situation (See: 40 million credit, debit card accounts breached: Target).

Meanwhile, executives of a major US bank are worried the thieves might be able to crack the encryption code and make fraudulent withdrawals from consumer bank accounts - the data breach is still under investigation.

According to Target spokeswoman Molly Snyder, no unencrypted PIN data was accessed and there was no evidence that PIN data had been "compromised." Even as she confirmed that some "encrypted data" had been stolen, she declined to say if that included encrypted PINs.

"We continue to have no reason to believe that PIN data, whether encrypted or unencrypted, was compromised. And we have not been made aware of any such issue in communications with financial institutions to date," Snyder said by email. "We are very early in an ongoing forensic and criminal investigation."

The No 3 US retailer reported last week that hackers stole data from as many as 40 million cards used at Target stores during the first three weeks of the holiday shopping season, which made it the second-largest data breach in US retail history.

According to Target, the stolen personal identification numbers, which customers typed into keypads to make secure transactions, were encrypted which strongly reduced risk to customers, Associated Press reports.

According to security experts, it was the second-largest theft of card accounts in US history, surpassed only by a scam that started in 2005 involving retailer TJX Cos.

However, according to Gartner security analyst Avivah Litan, the PINs for the affected cards were vulnerable and people should change their codes since such data had been decrypted, or unlocked before.

In 2009, computer hacker Albert Gonzalez pleaded guilty to a number of charges, including conspiracy, wire fraud and other charges, coordinating debit and credit card breaches in 2005 targeting retailers, including TJ Maxx, Barnes & Noble and OfficeMax.

The group successfully unlocked encrypted data. According to Litan, changes had been made since then to make decrypting more difficult, nothing was infallible.

Business History Videos

History of hovercraft Part 3 | Industry study | Business History

History of hovercraft Part 3...

Today I shall talk a bit more about the military plans for ...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of hovercraft Part 2 | Industry study | Business History

History of hovercraft Part 2...

In this episode of our history of hovercraft, we shall exam...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Hovercraft Part 1 | Industry study | Business History

History of Hovercraft Part 1...

If you’ve been a James Bond movie fan, you may recall seein...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Trams in India | Industry study | Business History

History of Trams in India | ...

The video I am presenting to you is based on a script writt...

By Aniket Gupta | Presenter: Sheetal Gaikwad

view more
View details about the software product Informachine News Trackers