Target: Customers' encrypted PINs were stolen - 21 News Now, More Local News for Youngstown, Ohio -

Target: Customers' encrypted PINs were stolen

Posted: Updated:

ATLANTA (AP) - Target said Friday that debit-card PINs were among the financial information stolen from millions of customers who shopped at the retailer earlier this month.

The company said the stolen personal identification numbers, which customers type into keypads to make secure transactions, were encrypted and that this strongly reduces risk to customers. In addition to the encrypted PINs, customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on back of the cards were stolen from about 40 million credit and debit cards used at Target stores between Nov. 27 and Dec. 15.

Security experts say it's the second-largest theft of card accounts in U.S. history, surpassed only by a scam that began in 2005 involving retailer TJX Cos.

"We remain confident that PIN numbers are safe and secure," spokeswoman Molly Snyder said in an emailed statement Friday. "The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems."

However, Gartner security analyst Avivah Litan said Friday that the PINs for the affected cards are vulnerable and people should change their codes since such data has been decrypted, or unlocked, before. In 2009 computer hacker Albert Gonzalez pleaded guilty to conspiracy, wire fraud and other charges after masterminding debit and credit card breaches in 2005 that targeted retailers such as T.J. Maxx, Barnes & Noble and OfficeMax. Gonzalez's group was able to unlock encrypted data. Litan said changes have been made since then to make decrypting more difficult but "nothing is infallible."

"It's not impossible, not unprecedented (and) has been done before," she said.

Besides changing your PIN, Litan says shoppers should instead opt to use their signature to approve transactions because it is safer. Still, she said Target did "as much as could be reasonably expected" in this case.

"It's a leaky system to begin with," she said.

Credit card companies in the U.S. plan to replace magnetic strips with digital chips by the fall of 2015, a system already common in Europe and other countries that makes data theft more difficult.

Minneapolis-based Target Corp. said it is still in the early stages of investigating the breach. It has been working with the Secret Service and the Department of Justice.

__

Ortutay contributed from San Francisco.

Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

  • More From wfmj.comMore>>

  • Man charged for urinating on Modell's grave

    Man charged for urinating on Modell's grave

    Tuesday, July 29 2014 9:58 PM EDT2014-07-30 01:58:59 GMT
    Baltimore County authorities say they will charge a man with disorderly conduct in a cemetery for allegedly urinating on the gravesite of former Baltimore Ravens owner Art Modell.More >>
    Baltimore County authorities say they will charge a man with disorderly conduct in a cemetery for allegedly urinating on the gravesite of former Baltimore Ravens owner Art Modell.
    More >>
  • Senate passes highway bill, sends it back to House

    Senate passes highway bill, sends it back to House

    Tuesday, July 29 2014 8:47 PM EDT2014-07-30 00:47:27 GMT
    The Senate is scheduled to take up legislation Tuesday to keep federal highway money flowing to states, with just three days left before the government plans to start slowing down payments.More >>
    The Senate voted Tuesday to keep federal highway money flowing to the states into December but only after rejecting the House's reliance on what lawmakers called a funding "gimmick" and moving to force a post-election...More >>
  • 1 of 2 Ohio plane crash victims not yet identified

    1 of 2 Ohio plane crash victims not yet identified

    Monday, July 28 2014 9:48 PM EDT2014-07-29 01:48:43 GMT
    FINDLAY, Ohio (AP) - Authorities in northwest Ohio are still trying to identify one of two people killed in a weekend plane crash. One of the victims in the crash near Findlay was the CEO of an Ohio manufacturing company. A coroner was trying to identify the remains of a woman killed in the crash, but the Hancock County Sheriff's Office says DNA testing may be needed. Deputies say Ralf Bronnenmeier, CEO of Grob Systems in Bluffton, was piloting the single-engine plane that crashed early Sund...More >>
    FINDLAY, Ohio (AP) - Authorities in northwest Ohio are still trying to identify one of two people killed in a weekend plane crash. One of the victims in the crash near Findlay was the CEO of an Ohio manufacturing company. A coroner was trying to identify the remains of a woman killed in the crash, but the Hancock County Sheriff's Office says DNA testing may be needed. Deputies say Ralf Bronnenmeier, CEO of Grob Systems in Bluffton, was piloting the single-engine plane that crashed early Sund...More >>
Powered by WorldNow
All content © Copyright 2000 - 2014 Worldnow and WFMJ. All Rights Reserved. For more information on this site, please read our Privacy Policy and Terms