In a reversal of its earlier position, Target announced Friday that PIN data was stolen when the company was hacked, but said the data is secure because it was encrypted.
In an exclusive story on Christmas day, Reuters quoted an anonymous official who said PIN data was hacked
, but Target denied the information and said no unencrypted data was taken and PIN numbers weren’t compromised.
Urgent: Do You Approve Or Disapprove of President Obama's Job Performance? Vote Now in Urgent Poll
“This morning through additional forensics work we were able to confirm that strongly encrypted PIN data was removed,” the company said in a statement
. “We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems.”
The company’s statement explained in detail that a PIN entered in a store is encrypted at the keypad with security called Triple DES. “Target does not have access to nor does it store the encryption key within our system,” the statement said, explaining that the key to access that data could not have been taken during the breach because the company doesn’t have it.
“The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken,” the Target release said.
Password security consultant Per Thorsheim told CNN Money that it would be “difficult or impossible to decrypt” PIN numbers
that were protected by the Triple DES security, depending on whether the payment processor’s key was “robust enough.” Target would not identify its payment processor.
With such encryption in place, it’s unlikely the PIN could be used to get money out of ATMs.
Customers who are concerned their debit card PINs may have been breached should call their financial institution to change their PINs and get new cards.
Editor's Note: ObamaCare Is Here. Are You Prepared?
© 2014 Newsmax. All rights reserved.