Retail giant Target confirmed Friday that the credit and debit card information stolen in the massive breach earlier this month included PIN data, along with customers’ names and card numbers.
However, Target said it believes the PIN numbers are safe because the data was strongly encrypted, reports the Associated Press. The retailer explained that the PIN information can only be decrypted by its own external, independent payment processor. In a statement to the media, Target said:
While we previously shared that encrypted data was obtained, this morning through additional forensics work we were able to confirm that strongly encrypted PIN data was removed. We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems.
The data breach, which occurred between Nov. 27 and Dec. 15, compromised the accounts of about 40 million credit and debit cards used in Target stores. Security experts are calling it the second largest theft of card accounts in U.S. history. The Minneapolis-based retailer has been working with the Secret Service and the Department of Justice to investigate the incident.
Here are some best practices for credit card users, compiled by the PBS NewsHour: