Target today revealed more details about the massive credit card hacking problem, which it initially declared to be affecting about 40 million credit card and debit card users. This is an obvious attempt by the retailer to explain its accountability about the issue.
In a statement released by the company, it assured that the personal identification numbers (PINs) associated with the affected cards have always been ‘strongly encrypted.’ It remains confident that those security numbers are still safe and secure.
Target pointed out that the debit card accounts of its customers have not been compromised by the suspected theft of encrypted PINs. It added that PIN data was completely encrypted at keypads and remained encrypted within the system and even if removed from the system.
The company also revealed that it does not have any access to or it does not store corresponding encryption key within the system. PIN data remains encrypted within the retailer’s system and could only be decrypted upon receipt of external and independent payment processor. Thus, it reiterated that the necessary ‘key’ to decrypt credit card information does not exist within the company’s system. At the same time, the data could not have been possibly taken from it during last week’s massive hack incident.
It was late last week when Target made the confirmation that its system was hacked and that the problem could affect up to 40 million users of credit and debit cards that have been used within its US stores. It disclosed that the reported security breach could have compromised card data from the period of November 27 to December 15. That was a crucial time as it was part of the peak of the holiday shopping rush.
Handling of the problem
The company has immediately declared identifying and eliminating the threat that was posed by unauthorized access to its own customer payment card information system. Earlier this week, Target had revealed that during the course of its ongoing forensics and criminal probe about the data breach, it was able to confirm the removal of strongly encrypted PIN data.
Meanwhile, Brian Krebs, the security researcher that first reported the security breach has also updated his information about the incident. In his blog, he claimed that he has already identified the Ukrainian man who was selling payment credit card data that were supposedly stolen from Target’s system.
For comments and suggestions, leave a message in the comments section below. Like and Follow our Facebook page for more stories and to stay up-to-date with the latest happenings.