Watch CBS News
MoneyWatch

Target says encrypted PIN numbers were stolen in breach

By Aimee Picchi

/ MoneyWatch

The credit and debit-card security breach at Target (TGT) has grown into an even bigger headache for customers with the retailer's admission that encrypted personal identification numbers were stolen. 

The retailer on Friday said it has confirmed "that strongly encrypted PIN data was removed." In an emailed statement to the press, the retailer said, "We remain confident that PIN numbers are safe and secure."

That's probably not going to be much of a consolation to Target shoppers, who are already alarmed by the scope of the theft and unclear answers from the retailer. Reuters had reported on Thursday that the thieves had stolen encrypted PIN data, although Target initially denied that any PIN data was "compromised." 

At least one major U.S. bank is concerned that the thieves will crack the encryption code and withdraw money from bank accounts, Reuters noted. 

Target, however, said the "key" needed to decrypt the data from customers' debit cards didn't exist within its system, given that the PIN information was received by an independent payment processor. 

Still, consumers should take steps to protect themselves.

"Consumers can also change their PINs and request new debit cards from their bank," Bankrate credit card analyst Janna Herron told CBS MoneyWatch in an email following Target's disclosure. "Many banks I spoke with say that their zero liability policy extends to their debit cardholders as well."

Target customers should continue to monitor their accounts and immediately call their bank if they discover an unauthorized transaction, she adds. "The quicker a consumer responds, the less hassle they will encounter when trying to recover their funds," Herron notes. 

The retailer has set up a page to answer commonly asked questions, as well as a page with step-by-step instructions on how to change the pin on REDcards.

For more on how Target customers should protect themselves following the massive theft of 40 million credit and debit cards, read CBS MoneyWatch's article on the next steps to take.

Aimee Picchi

Aimee Picchi is the associate managing editor for CBS MoneyWatch, where she covers business and personal finance. She previously worked at Bloomberg News and has written for national news outlets including USA Today and Consumer Reports.

First published on December 27, 2013 / 12:32 PM EST

© 2013 CBS Interactive Inc. All Rights Reserved.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.