Watch CBS News
Los Angeles

Target Admits Encrypted PINs Were Stolen During Massive Security Breach

/ KCAL News

MONTCLAIR (CBSLA.com) — Target Corp. admitted Friday that encrypted personal identification numbers were stolen during a massive security breach involving 40 million customers' debit and credit cards.

KCAL9's Tom Wait reports the retailer initially denied PINs were taken, along with other account information.

Target is now reassuring customers that even though PINs were hacked, they are protected.

In a statement, Target said, in part, "The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems."

However, Avivah Litan, a security analyst from Gartner Security, reports it's possible for hackers to decode them.

"It's not impossible, not unprecedented, (and) has been done before," she said.

Sylvia Medina is among those whose bank account number and PIN could be in the hands of criminals.

"Of course it was upsetting," she said. "I didn't know… at one point…what I should do. She just said just watch…keep going online and keep watching your card and see if there's anything that's been charged that you didn't charge."

Some customers said they're having a hard time getting through to Target to get more information or to cancel their store accounts.

"I call at least three times a day," Barbara Leming said. "I've been doing it for seven days. I can't get through. I just went now into the store to cancel my card and they don't do it here."

Shoppers know they have to be on guard.

"I transferred most of my balance into my savings, so that that wouldn't be affected," Medina said. "It's upsetting, but, you know, it could happen anywhere."

Dr. Clifford Neuman, a USC professor and the director of USC's Center for Computer Systems Security, said now is the time to be more vigilant and proactive with debit card transactions.

"Those who use their debit card without the PIN shouldn't need to be as concerned," he said.

Neuman also said that consumers should be aware of other fraudulent cases.

"Be cautious about getting spam emails that say, 'We've observed fraudulent charges on your card,'" he said.

Overall, Neuman advises Target customers to:

  • Change PIN immediately at bank
  • Eventually order new bank card
  • Monitor statements and account activity daily
  • Only use PIN for ATM and cash back transactions

First published on December 27, 2013 / 4:40 PM PST

© 2013 CBS Broadcasting Inc. All Rights Reserved.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.