More Trouble at Target: Hackers Landed Encrypted Debit Card PIN Data

By Steve Anderson December 27, 2013

More fallout arises in the wake of the recent hacking that Target found itself on the bad end of recently, as the retailer added to the list of information landed by the hackers when the late November / early December hack was carried out. Previously, Target acknowledged the loss of credit card numbers, along with expiration dates and security codes in the attack...but a new victim has arisen to join the ranks: debit card PIN data.

The hacking had an enormous impact, hitting around 40 million customers at last report, and worse, the data has since been spotted on the black market, otherwise known as the last place anyone would ever want to see a credit card number show up. The hacking put banks throughout the United States on high alert, and protecting customers from fraud became job one. The upshot, at least according to Target, is that the debit PINs should be “safe and secure,” largely owing to the point that Target encrypts such data with Triple DES encryption, and locks that encryption in right at the point of the keypad. Thus, the data not only started out encrypted, but it remained encrypted when it went into the system, and when the hackers got it, encrypted it remained.

What's more, the only way that the information can be immediately decrypted is to get said key from the independent payment processor service that Target works with, and the key has never actually existed within Target's systems at any point, which means a completely different hacking would be necessary to get the information from somewhere else.

It's likely to be at least something of a comfort for those impacted by the development, if perhaps only a cold comfort. Reports suggest that banks have been quick to react, and those who came in for replacement debit cards outright got said replacements with due haste. So the numbers in question may not have a lot of value after all, but it's still likely to leave a few gun-shy users next time holiday shopping season comes around.

It's hard to imagine this having a very chilling effect on debit and credit card use, whether in stores or online; that card is a very big part of a lot of users' lives, and most aren't likely to just let it fall by the wayside from one incident. But users were certainly practicing the correct levels of vigilance, and Target has reportedly been hard at work with both the Justice Department and the Secret Service in a bid to catch those responsible. These things are bound to happen—the sheer amount of potential return involved for the hackers is a pretty strong incentive—but with the proper vigilance, many of the problems associated with such hackings can be reduced and minimized.

Still, the recent Target hacking shows us conclusively what was predicted in a recent report from Kaspersky Lab: cyber-criminals would be taking on private data, money and Bitcoins in 2014, and this attack had two out of three elements ready to go. More of it is likely to arrive, but a little sound vigilance—as many displayed in this hacking—will likely mean the difference between a minor hiccup and a total disaster.




Edited by Stefania Viscusi

Contributing TechZone360 Writer

SHARE THIS ARTICLE
Related Articles

Four Reasons to Reach for the Cloud after World Earth Day

By: Special Guest    4/23/2018

The World Earth Day agenda offers a chance to flip the rationale for cloud adoption and highlight environmental benefits that the technology brings pr…

Read More

Bloomberg BETA: Models Are Key to Machine Intelligence

By: Paula Bernier    4/19/2018

James Cham, partner at seed fund Bloomberg BETA, was at Cisco Collaboration Summit today talking about the importance of models to the future of machi…

Read More

Get Smart About Influencer Attribution in a Blockchain World

By: Maurice Nagle    4/16/2018

The retail value chain is in for a blockchain-enabled overhaul, with smarter relationships, delivering enhanced transparency across an environment of …

Read More

Facebook Flip-Flopping on GDPR

By: Maurice Nagle    4/12/2018

With GDPR on the horizon, Zuckerberg in Congress testifying and Facebook users questioning loyalty, change is coming. What that change will look like,…

Read More

The Next Phase of Flash Storage and the Mid-Sized Business

By: Joanna Fanuko    4/11/2018

Organizations amass profuse amounts of data these days, ranging from website traffic metrics to online customer surveys. Collectively, AI, IoT and eve…

Read More