Target In Trouble Again Over Recent Hacking Attack
Peter Edward / 4 years ago
Target has come out saying that encrypted PINs were taken during recent cyber attack
Keep calm everyone, that is the message Target is trying to get across to all affected customers of the latest hacking attack. The recent attack on Target targeted over 40 million account holders and on Friday a spokeswoman for Target said strongly encrypted credit card and debit card PINs were taken. However Target has come out saying that the PINs or personal identification numbers cannot be decrypted without the right key and that the key could not have been taken during the attack as the company does not store the keys information. With the PINs being encrypted at the point-of-sale keypad, where they stay encrypted in Targets system and were still encrypted when the attacks happened and the information was stolen.
However not everyone is breathing easy, with a major US bank worried that the hackers may find a way to crack the encryption. Simply put the bank is worried that the hacker might be able to find a way to break the encryption holding the PINs. Stating that simple hackers would not have the knowledge or means to break the encryption, however the attack on Target was not pulled off by mere amateurs. This is troubling news for anyone who might have been affected by the recent cyber attack on Target.
Here is a copy of Target’s full public statement;
“Our investigation into the data breach incident is continuing and ongoing. While we are still in the early stages of this criminal and forensic investigation, we continue to be committed to sharing the facts as they are confirmed.While we previously shared that encrypted data was obtained, this morning through additional forensics work we were able to confirm that strongly encrypted PIN data was removed. We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems.To help explain this, we want to provide more context on how the encryption process works. When a guest uses a debit card in our stores and enters a PIN, the PIN is encrypted at the keypad with what is known as Triple DES. Triple DES encryption is a highly secure encryption standard used broadly throughout the U.S.Target does not have access to nor does it store the encryption key within our system. The PIN information is encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor. What this means is that the “key” necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident.The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken.”
Thanks you CNET for providing us with this information.
Image courtesy of Tele Management.