Target was hacked during the busy Christmas shopping season and the resulting data breach is believed to have compromised as many as 40 million credit cards. This breach is notable because it didn’t affect online shoppers, rather the card data stolen was obtained by Target when cards were swiped in stores.
Some regional banks have already confirmed that the data theft did include their customers and were waiting to shut off around 5000 cards to ensure that cardholders weren’t left unable to access cash over the holidays. The banks found their customer card data on a black market site that sells stolen credit cards. Some of the early reports on the credit card data theft suggested that debit card PIN numbers may have been among the data stolen.
Target has now come out and said that PIN numbers weren’t part of the data stolen in the attack. Target issued a statement that says based on talks with financial institutions there is no indication that PIN data was stolen in the breach.
Since the data breach occurred, target is now under investigation by the Department of Justice and the Secret Service. Target is also facing a class action suit for failing to maintain “reasonable” security. Target says that its guests need to know they will bear no liability for fraudulent charges associated with the breach.