Target confirmed today PIN data information was stolen by the hackers after releasing a statement earlier this week ensuring PIN numbers were not among the encrypted data stolen in the Target security breach, the Associated Press reported.
Security analysts announced earlier this week that PIN data information might have been among the encrypted data stolen, but Target insisted the PINs were safe, according to the AP. Now the company has confirmed the PINs have been stoeln but the most important "key" to decrypt the PIN data is not in Target's system therefore it can not be stolen or used.
The breach, which occurred from Nov. 27 and Dec. 15, is the second largest in United States history and included the theft of customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on the back of the cards, the AP reported.
Though PIN information has been collected, Target insists it does not have access to the codes and that they do not store the encryption key in their system, making it unlikely the hackers will be able to decode them, the AP reported.
According to Molly Snyder, a Target spokeswoman, in order to decrypt the PIN information it has to be received by the store's "external, independent payment processor," the AP reported.
"We remain confident that PIN numbers are safe and secure,"Snyder said in an emailed statement Friday, according to the AP. "The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems."
Avivah Litan, a security analyst for Gartner, said that the PINs stolen are not safe and that those affected by the breach "should change them at this point," the AP reported.