The credit and debit-card security breach at Target (TGT) has grown into an even bigger headache for customers with the retailer's admission that encrypted personal identification numbers were stolen.
The retailer on Friday said it has confirmed "that strongly encrypted PIN data was removed." In an emailed statement to the press, the retailer said, "We remain confident that PIN numbers are safe and secure."
That's probably not going to be much of a consolation to Target shoppers, who are already alarmed by the scope of the theft and unclear answers from the retailer. Reuters had reported on Thursday that the thieves had stolen encrypted PIN data, although Target initially denied that any PIN data was "compromised."
At least one major U.S. bank is concerned that the thieves will crack the encryption code and withdraw money from bank accounts, Reuters noted.
Target, however, said the "key" needed to decrypt the data from customers' debit cards didn't exist within its system, given that the PIN information was received by an independent payment processor.
Still, consumers should take steps to protect themselves.
"Consumers can also change their PINs and request new debit cards from their bank," Bankrate credit card analyst Janna Herron told CBS MoneyWatch in an email following Target's disclosure. "Many banks I spoke with say that their zero liability policy extends to their debit cardholders as well."
Target customers should continue to monitor their accounts and immediately call their bank if they discover an unauthorized transaction, she adds. "The quicker a consumer responds, the less hassle they will encounter when trying to recover their funds," Herron notes.
The retailer has set up a page to answer commonly asked questions, as well as a page with step-by-step instructions on how to change the pin on REDcards.