It would appear that the debacle Target is facing this holiday season is turning over as we speak. Though they’d previously suggested that findings showed no PIN data to have been stolen in their 2013 credit card breach, today’s update says otherwise. The positive side of this situation is the fact that these PIN numbers are wholly encrypted.
The encryption these PIN numbers are locked up with is called Triple DES. According to Target, Triple DES is “a highly secure encryption standard used broadly throughout the U.S..” The idea that PIN data was taken in the first place was reported false earlier this month - now that seems to have changed.
Target’s current word on the situation is that though they “were able to confirm that strongly encrypted PIN data was removed”, they have no reason to believe that said PIN codes are any less “safe and secure.” Target suggests that “the PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems.”
”Target does not have access to nor does it store the encryption key within our system. The PIN information is encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor. What this means is that the “key” necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident.” - Target
Again, it would appear that the credit card information stolen was only done so through in-store visits. Users that’ve only shopped Target online over the past year should have no reason to worry. Target also reminds the public that “their debit card accounts have not been compromised due to the encrypted PIN numbers being taken.”
Sigh of relief for you? Let us know how you’re feeling about the situation in the comments section below, or continue to send your comments in through our tip line anonymously if that’s more your speed.