Related News
Target hack may involve encrypted PIN theft
Print Edition
The hackers who attacked Target Corp and compromised up to 40 million credit cards and debit cards also managed to steal encrypted personal identification numbers, according to a senior payments executive familiar with the situation.
One major US bank fears that the thieves would be able to crack the encryption code and make fraudulent withdrawals from consumer bank accounts, said the executive, who spoke on the condition of anonymity because the data breach is still under investigation.
Target spokeswoman Molly Snyder said “no unencrypted PIN data was accessed” and there was no evidence that PIN data has been “compromised.” She confirmed that some “encrypted data” was stolen, but declined to say if that included encrypted PINs.
“We continue to have no reason to believe that PIN data, whether encrypted or unencrypted, was compromised. And we have not been made aware of any such issue in communications with financial institutions to date,” Snyder said by e-mail. “We are very early in an ongoing forensic and criminal investigation.”
The No. 3 US retailer said last week that hackers stole data from as many as 40 million cards used at Target stores during the first three weeks of the holiday shopping season, making it the second-largest data breach in US retail history.
Target has not said how its systems were compromised, though it described the operation as “sophisticated.” The US Secret Service and the Justice Department are investigating. Both agencies have declined comment on the probes.
The attack could end up costing hundreds of millions of dollars, but it is unclear so far who will bear the expense.
While bank customers are typically not liable for losses because of fraudulent activity on their credit and debit cards, JPMorgan Chase & Co and Santander Bank said they have cut limits on how much cash customers can take out of teller machines and spend at stores.
The unprecedented move has led to complaints from consumer advocates about the inconvenience it caused from the late November Thanksgiving holiday into the run-up to Christmas. But sorting out account activity after a fraudulent withdrawal could take a lot more time and be worse for customers.
JPMorgan has said it was able to cut inconvenience by giving customers new debit cards printed quickly at its branches.
- About Us
- |
- Terms of Use
- |
-
RSS - |
- Privacy Policy
- |
- Contact Us
- |
- Shanghai Call Center: 962288
- |
- Tip-off hotline: 52920043
- 沪ICP证:沪ICP备05050403号-1
- |
- 互联网新闻信息服务许可证:31120180004
- |
- 网络视听许可证:0909346
- |
- 广播电视节目制作许可证:沪字第354号
- |
- 增值电信业务经营许可证:沪B2-20120012
Copyright © 1999- Shanghai Daily. All rights reserved.Preferably viewed with Internet Explorer 8 or newer browsers.
