Target maintains that shoppers’ personal identification numbers (PINs) are safe following a data breach that affected more than 40 million customer credit and debit cards in November and December.
But one report says otherwise.
On Wednesday, Reuters cited an anonymous payment executive “familiar with the situation” who claimed that the Target hackers also managed to steal encrypted PINs. At least one major bank is concerned the thieves could crack the encryption code, said the executive.
If the Target hackers have access to customer PINs along with their credit or debit card information, they could hypothetically make fraudulent withdrawals from victims’ bank accounts.
Target denies the report.
“To date, there is no evidence that unencrypted PIN data has been compromised,” the American discount retailer said in a statement. “In addition, based on our communications with financial institutions, they have also seen no indications that any PIN data was compromised.”
The Secret Service and the U.S. Department of Justice are investigating the Target breach. The retailer has yet to provide information about how hackers accessed its customer data, though it described their tactics as “sophisticated.”
The company is offering free credit monitoring to affected customers, but it’s still facing class-action lawsuits for failing to follow reasonable security procedures to safeguard customer information. It could also face major fines from credit card vendors.
In response to the Target hack, JPMorganChase and Santander Bank said they’ve lowered the limits on the amount of cash people can remove from their ATMs.
If you shopped at a U.S. Target store between Nov. 27 and Dec. 15, it would be prudent to monitor your credit card for fraudulent charges and change your PIN. The thieves are reportedly unloading millions of card numbers on underground markets.
VentureBeat has reached out to Target for more information.