Target confirms pin data IS stolen during security breach; “Hackers can’t use data”

Posted on: 6:40 am, December 19, 2013, by and , updated on: 01:47pm, December 28, 2013

Target credit cards

UPDATED 1:31 p.m. Dec. 28th

Saturday morning, Target is reassuring customers that “Hackers can’t use the data.”

According to CNN, Target confirmed that encrypted debit card PIN data was stolen as part of a breach of 40 million.

The U.S. secret service and justice department are still investigating how the criminals were able to get their hands on the information.

A day after Target announced that forty million of its customers had their credit and debit card data breached, the retailer announced a 10% discount for all shoppers at its stores this Saturday a Sunday.

“We recognize this has been confusing and disruptive during an already busy holiday season,” Target CEO Gregg Steinhafel said in a statement Friday. “Our guests’ trust is our top priority at Target and we are committed to making this right.”

Approximately 40 million credit and debit card accounts used by Target customers may have been impacted by a major data breach, the retailer said Thursday.

Customer names and credit or debit card numbers are involved in the breach – along with the expiration date and three-digit CVV security code of each card, the store said.

Shoppers who made purchases at their stores between Nov. 27 and Dec. 15 were urged to check their debit and credit card accounts and report suspected unauthorized activity to the firm.

Target said in a statement that it was “aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases” during the height of the Thanksgiving and Christmas holiday shopping period.

It is one of the largest ever breaches of consumer information, echoing the 2007 theft of data from at least 45.7 million credit and debit cards of shoppers at retailers including T.J. Maxx and Marshalls.  

“Target alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts,” the statement added. “Among other actions, Target is partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident.”

Investigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores, a source who was not authorized to discuss the matter told Reuters.

“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence,” Target chairman, president and CEO Gregg Steinhafel said. “We regret any inconvenience this may cause. We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”

Krebs on Security, a blog that first reported the news, said that breach involved nearly all Target outlets in the United States, citing sources at two credit card issuers.

Target Corp. said that customers who made purchases at its U.S. stores during the impacted period and suspected unauthorized activity should call them at 866-852-8680.

Target has 1,797 U.S. stores and 124 in Canada.