Hackers stole encrypted personal identification numbers (PINs) in the Target data breach, the company confirmed Friday. However, Target says the encryption is strong and they are confident the numbers remain secure.
“I hope they are right because that information, along with the credit and debit numbers of millions of Target customers, has been in the hands of ‘very sophisticated’ criminals for over four weeks and has been, and is probably still being, sold in the black markets,” says Adam Levin, chairman and co-founder of Credit.com and Identity Theft 911. “Just because data is encrypted is not an absolute guarantee it is completely protected.”
Reports of stolen PINs surfaced about a week after Target announced the breach, which impacted 40 million customer credit and debit cards used at U.S. stores between Nov. 27 and Dec. 15. The company says the data is encrypted at the point of sale and remains encrypted until after it is accepted by the company’s external, independent payment processor. Target does not have access to the encryption key, and it was not stolen during the breach, the company said.
In the past few days, Target has told consumers they will offer free credit monitoring to all who were impacted by the breach and that customers do not need to contact the company unless they find unauthorized charges to affected accounts.
If actual PINs become accessible to hackers, then they could gain unauthorized access to accounts associated with those cards. Further, the PINs could become the gateway to more of the cardholders’ personal information, heightening the risk for identity theft, Levin says. For instance, a lot of people use their birthdays for PINs.
“Many people use PINs universally,” Levin says. “Change your PIN every place else. At least change it on that card immediately.”
You should always keep a close eye on financial accounts, but it’s an especially important habit to practice in the wake of security failures. Checking credit and debit card statements is a good day-to-day strategy for spotting unauthorized transactions, and tracking your credit scores on a monthly basis is another way to watch out for changes in credit activity. Credit.com offers a free tool called the Credit Report Card, which allows consumers to check their credit scores every 30 days, along with breakdown of the information in the consumers’ credit report.
Target has said customers will not be liable for any fraudulent transactions made with stolen card information, but breach victims would be wise to stay alert and try to avoid the hassle that comes with them.
Image: Otisfrog, via Wikimedia Commons