By now everyone knows that Target customer credit and debit card data was compromised from November 27-December 15th. This past weekend Target tried to make amends by giving every customer 10% off their total purchase, but according to many news sources that may not have been enough to get shoppers back in the holiday spirit at the nation’s second largest discount chain.
Now, the talk around the data heist centers on customer PIN numbers. At first it was reported that encrypted customer PIN numbers from debit card transactions were not compromised. However, there are now conflicting reports as to whether that data was actually taken or not.
Reuters cited an anonymous source on Tuesday saying that yes, customer’s encrypted PIN numbers were also stolen in the heist. They quoted a “senior payments executive familiar with the situation”.
Although the data was encrypted Reuters said that “one major U.S. bank fears that thieves would be able to crack the encryption code and make fraudulent withdrawals from consumer bank accounts…”.
While various reports across the Internet suggest that some of the stolen credit card data has already been used to make purchases, no reports have come up yet suggesting that cash has been withdrawn. The data is reportedly being sold on the black market. However, with every passing day that data becomes less and less valuable as all of the major banks have already put anti-fraud measures in place.
Target disputes the allegations that the PIN data was stolen.
“We continue to have no reason to believe that PIN data, whether encrypted or unencrypted, was compromised. And we have not been made aware of any such issue in communications with financial institutions to date,” Molly Snyder a Target spokeswoman told Reuters by email. “We are very early in an ongoing forensic and criminal investigation.”
Target has still not said how thieves were able to compromise their customer data, from what is believed to be the largest consumer data heist in history. Target has revealed that the data was obtained through the pin pads that customers use to swipe their credit and debit cards at every one of their nearly 1800 stores across the country.
For now we will have to wait and see if an official word comes as to whether or not the PIN data was actually compromised.
Image: LA Times