Nationwide retailer Target confirmed today that hackers have made off with “strongly encrypted PIN data” in addition to the 40 million credit and debit card numbers, expiration dates, cardholder names and CVV data the company reported stolen last week.
“On Dec. 27, we were able to confirm, through additional forensic work, that strongly encrypted PIN data was removed,” explained Target via its website. “We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems.”
The key needed to unscramble the stolen bankcard PIN data does not exist on Target’s computer system. That means it’s impossible for thieves to have stolen it through the same hack. Still, with more information about the Target data breach coming in by the day, it seems far too early to suggest there’s no way for thieves to reverse engineer a key. Passwords stolen from Adobe last month, though encrypted, were as easy to decode as a crossword puzzle.
Target does not believe it necessary for you to change your PIN at this time. Still, if you used your bank debit card between November 27 and December 15, 2013 at a Target retail location, Techlicious recommends you request a new card from your bank (if you haven’t done so already) and use a new PIN. Your card's PIN can usually be changed at an ATM.
Like with computer passwords, you should never reuse PIN numbers. And make sure your PIN isn’t easily guessed information – if you use the month and year of your birthday as your PIN, for example, a thief could easily guess it by viewing your public Facebook page.
For more information on the Target data breach, read Techlicious’s past coverage and Target’s Payment Card Issue FAQ at the company’s website.
[Credit card payment terminal via Shutterstock]