SalemNews.com, Salem, MA

Nation/World

December 28, 2013

Target: Customers' encrypted PINs were stolen

ATLANTA — Target said yesterday that debit-card PINs were among the financial information stolen from millions of customers who shopped at the retailer earlier this month.

The company said the stolen personal identification numbers, which customers type into keypads to make secure transactions, were encrypted and that this strongly reduces risk to customers. In addition to the encrypted PINs, customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on back of the cards were stolen from about 40 million credit and debit cards used at Target stores between Nov. 27 and Dec. 15.

Security experts say it’s the second-largest theft of card accounts in U.S. history, surpassed only by a scam that began in 2005 involving retailer TJX Cos.

“We remain confident that PIN numbers are safe and secure,” spokeswoman Molly Snyder said in an emailed statement yesterday. “The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems.”

However, Gartner security analyst Avivah Litan said yesterday that the PINs for the affected cards are vulnerable and people should change their codes since such data has been decrypted, or unlocked, before. In 2009 computer hacker Albert Gonzalez pleaded guilty to conspiracy, wire fraud and other charges after masterminding debit and credit card breaches in 2005 that targeted retailers such as T.J. Maxx, Barnes & Noble and OfficeMax. Gonzalez’s group was able to unlock encrypted data. Litan said changes have been made since then to make decrypting more difficult but “nothing is infallible.”

“It’s not impossible, not unprecedented (and) has been done before,” she said.

Besides changing your PIN, Litan says shoppers should instead opt to use their signature to approve transactions because it is safer. Still, she said Target did “as much as could be reasonably expected” in this case.

“It’s a leaky system to begin with,” she said.

Credit card companies in the U.S. plan to replace magnetic strips with digital chips by the fall of 2015, a system already common in Europe and other countries that makes data theft more difficult.

Minneapolis-based Target Corp. said it is still in the early stages of investigating the breach. It has been working with the Secret Service and the Department of Justice.

1
Text Only | Photo Reprints
Nation/World

Local News
  • Keenan to resign to take Salem State job

    SALEM — State Rep. John Keenan said Tuesday he will resign from office Aug. 24 to take a new job as vice president of administration at Salem State University.
    His announcement ended months of speculation about where the five-term Democrat would end up after leaving the Legislature. As it turns out, he is leaving four months before his term would have expired.

    July 29, 2014

  • Axe in Windshield Close call on I-95 in Topsfield when loose ax chops through windshield

    TOPSFIELD — Some motorists on Interstate 95 southbound had a scary moment Wednesday around 11 a.m. when a loose ax flew off a landscaper dump truck in front of them and cleaved partly through their car's windshield.

    July 30, 2014 1 Photo

  • Chism attorney challenging legislation

    DANVERS -- The attorney for the Danvers teen charged with raping and murdering his math teacher last October is arguing that the 1996 state law requiring that he be tried as an adult is unconstitutional. The argument by Philip Chism's attorney comes

    July 30, 2014

  • 140729_SN_DLE_PATROL4 Party problems persist in Point SALEM -- 'Tis the season for parties in the Point. Three years after a large Fourth of July gathering in the densely inhabited neighborhood led to a violent confrontation between partygoers and police, Chief Paul Tucker says his department continues

    July 30, 2014 3 Photos

  • lottery.jpg 'Lucky' Salem store sells $15M lottery ticket

    SALEM -- An anonymous person used a trust to claim a $15 million grand prize Tuesday from a $30 scratch ticket bought at a local corner store. It is the largest instant "scratch and win" prize ever in the state's history. Nicole's Food Store at 406

    July 30, 2014 1 Photo