More Trouble at Target: Hackers Landed Encrypted Debit Card PIN Data

December 27, 2013
By: Steve Anderson

More fallout has arisen from the hacking that Target recently found itself on the bad end of, as the retailer added to the list of information the hackers landed in the late November / early December attack. Previously, Target acknowledged the loss of credit card numbers, along with expiration dates and security codes in the attack... but a new item has joined the list: debit card PIN data.

The hacking had an enormous impact, hitting around 40 million customers at last report, and worse, the data has since been spotted on the black market, the last place anyone would ever want to see a credit card number show up. The hacking put banks throughout the United States on high alert, and protecting customers from fraud became job one. The upshot, at least according to Target, is that the debit PINs should be “safe and secure,” largely because Target encrypts such data with Triple DES encryption and applies that encryption right at the keypad. Thus, the data not only started out encrypted, but it remained encrypted when it went into the system, and it was still encrypted when the hackers got it.

What's more, the only way that the information can be immediately decrypted is to get the decryption key from the independent payment processor that Target works with. That key has never existed within Target's systems at any point, which means a completely separate hack of a different system would be necessary to obtain it.
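The arrangement Target describes, sketched as an added example in Go (not code from Target, its processor or this article): the keypad encrypts a PIN block with Triple DES, the merchant's systems hold only the ciphertext, and the key holder reverses it. The ISO 9564-1 format 0 PIN block layout, the single fixed 24-byte key, and the names `xorPAN`, `EncryptPIN` and `DecryptPIN` are assumptions; the key, PIN and card number are constructed.

```go
package main
import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// xorPAN XORs blk with the PAN field: 0000 + the 12 PAN digits before the check digit.
func xorPAN(blk []byte, pan string) error {
	p := "0000000000000" + pan // left-pad so a short PAN cannot slice out of range
	pf, err := hex.DecodeString("0000" + p[len(p)-13:len(p)-1])
	for i := range pf {
		blk[i] ^= pf[i]
	}
	return err
}

// EncryptPIN is the keypad side: PIN field 0|len|PIN|F.. (ISO 9564-1 format 0, assumed).
func EncryptPIN(key []byte, pin, pan string) ([]byte, error) {
	c, err := des.NewTripleDESCipher(key) // needs a 24-byte key
	badPIN := len(pin) < 4 || len(pin) > 12 || strings.Trim(pin, "0123456789") != ""
	blk, _ := hex.DecodeString((fmt.Sprintf("0%X%s", len(pin), pin) + "FFFFFFFFFFFFFF")[:16])
	if err != nil || badPIN || xorPAN(blk, pan) != nil { // badPIN first: blk is 8 bytes past it
		return nil, fmt.Errorf("need a 24-byte key, a 4-12 digit PIN and a numeric PAN")
	}
	c.Encrypt(blk, blk) // this ciphertext is all the merchant's systems ever hold
	return blk, nil
}

// DecryptPIN is the processor side: only the key holder can reverse the steps.
func DecryptPIN(key, enc []byte, pan string) (string, error) {
	c, err := des.NewTripleDESCipher(key)
	if err != nil || len(enc) != des.BlockSize {
		return "", fmt.Errorf("bad key or ciphertext length")
	}
	blk := make([]byte, des.BlockSize)
	c.Decrypt(blk, enc)
	if xorPAN(blk, pan) != nil || blk[0] < 4 || blk[0] > 12 {
		return "", fmt.Errorf("not a format 0 PIN block for this PAN")
	}
	return hex.EncodeToString(blk)[2 : 2+int(blk[0])], nil
}

func main() {
	key, _ := hex.DecodeString("0123456789ABCDEFFEDCBA98765432100123456789ABCDEF") // constructed
	enc, _ := EncryptPIN(key, "4821", "4111111111111111") // constructed PIN and test PAN
	pin, err := DecryptPIN(key, enc, "4111111111111111")
	fmt.Printf("merchant holds %X; processor recovers %s (err=%v)\n", enc, pin, err)
}
```

Because the card number is mixed into the block before encryption, the same PIN entered for two different cards produces two different ciphertexts.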

It's likely to be at least something of a comfort for those impacted by the development, if perhaps only a cold comfort. Reports suggest that banks have been quick to react, and customers who asked for replacement debit cards outright got them with due haste. So the numbers in question may not have a lot of value after all, but the incident is still likely to leave a few users gun-shy the next time holiday shopping season comes around.

It's hard to imagine this having a very chilling effect on debit and credit card use, whether in stores or online; that card is a very big part of a lot of users' lives, and most aren't likely to just let it fall by the wayside from one incident. But users were certainly practicing the correct levels of vigilance, and Target has reportedly been hard at work with both the Justice Department and the Secret Service in a bid to catch those responsible. These things are bound to happen—the sheer amount of potential return involved for the hackers is a pretty strong incentive—but with the proper vigilance, many of the problems associated with such hackings can be reduced and minimized.

Still, the recent Target hacking shows us conclusively what was predicted in a recent report from Kaspersky Lab: cyber-criminals would be taking on private data, money and Bitcoins in 2014, and this attack had two out of three elements ready to go. More of it is likely to arrive, but a little sound vigilance—as many displayed in this hacking—will likely mean the difference between a minor hiccup and a total disaster.




Edited by Stefania Viscusi

