Save Money in this Sunday's paper

comments

Target says PINs stolen were encrypted

By Leslie Patton and Lindsey Rupp
Bloomberg News

Target officials said that data related to shoppers’ personal identification numbers was stolen during the recent breach of its debit and credit card system but that the company is “confident” customers’ accounts haven’t been compromised because the information was encrypted.

The PIN data can be decrypted only when it is received by Target’s external, independent payment processor, Molly Snyder, a spokeswoman for the Minneapolis-based retailer, said Friday in an email. The key needed to decrypt the information never existed on Target’s system and couldn’t have been taken during the breach, she said.

“We remain confident that PIN numbers are safe and secure,” she said. “The PIN information was fully encrypted at the keypad, remained encrypted within our system and remained encrypted when it was removed from our systems.”

Target has been working to retain customers’ loyalty after saying Dec. 19 that security for 40 million cards may have been breached from Nov. 27 to Dec. 15 as shoppers made purchases in stores. About 1.2 million accounts used in North Carolina stores were affected, according to a filing the retailer made with the N.C. Attorney General’s office.

While the chain said it had identified and resolved the issue, the compromise occurred during the most important period of the year for retailers and with shoppers already showing reluctance to spend.

Even before the incident, Target had been struggling to boost sales and earnings. The retailer’s third-quarter profit trailed analysts’ estimates as U.S. shoppers held back and expansion into Canada dragged on earnings, sending net income down 46 percent from a year earlier.

The shares have gained 5.6 percent this year through the close of trading Thursday, compared with a 29 percent increase in the Standard & Poor’s 500 Index.

Since disclosing the breakdown last week, the second-largest U.S. discount retailer has agreed to give some shoppers free credit reporting, assured them they wouldn’t be responsible for fraudulent charges and offered a 10 percent discount on purchases last weekend.

The retailer is already facing almost two dozen lawsuits, mostly from customers accusing the company of failing to safeguard their information.

The breach occurred when a computer virus infected Target’s point-of-sale terminals, a person familiar with the matter, who asked not to be identified because the investigation is private, said last week.

The company is investigating the breach with the Justice Department and the Secret Service, which asked it not to share details of the inquiry.

Hide Comments

This affects comments on all stories.

Cancel OK

The Charlotte Observer welcomes your comments on news of the day. The more voices engaged in conversation, the better for us all, but do keep it civil. Please refrain from profanity, obscenity, spam, name-calling or attacking others for their views.

Have a news tip? You can send it to a local news editor; email local@charlotteobserver.com to send us your tip - or - consider joining the Public Insight Network and become a source for The Charlotte Observer.

  Read more



Hide Comments

This affects comments on all stories.

Cancel OK

The Charlotte Observer welcomes your comments on news of the day. The more voices engaged in conversation, the better for us all, but do keep it civil. Please refrain from profanity, obscenity, spam, name-calling or attacking others for their views.

Have a news tip? You can send it to a local news editor; email local@charlotteobserver.com to send us your tip - or - consider joining the Public Insight Network and become a source for The Charlotte Observer.

  Read more


Quick Job Search
Salary Databases