Target announced that customer personal identification number (PIN) information "_had not been breached_" after 40 million customer credit and debit card records were stolen recently, according to a story published by the New York Times. Target announced, in previous statements, that the attackers "_made off with customers' encrypted PIN information_."
But "_the company stored the keys to decrypt its PIN data on separate systems from the ones that were hacked_, "according to the article. Even though this incident primarily affected the retail marketplace, it also leaves multiple industries concerned about additional breaches in data storage, outdated security measures, network vulnerabilities, and malicious attacks by hackers in their environments.
Molly Snyder, a spokeswoman for Target, was quoted in the article to say, "We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems." The report states that the credit and debit cards of Target customers have already been selling on the black market where "_a single card is selling for as much as $100._" Stolen card data can be used to create counterfeit cards. Still, suppose criminals obtain the PIN data. In that case, money can be transferred or withdrawn via a bank automatic teller machine (ATM), according to the article. In past cases, according to the report, security experts found that hackers managed to gain access to the keys and unscramble encrypted data even if "_the key to unlocking the encryption is stored on separate systems._"
As the Secret Service and Justice Department continue to investigate, the report indicates that this breach of Target's security is the second largest in retail history. The 2005 TJ Maxx breach compromised records for 90 million customers and remains to have been the most devastating invasion to date.