Minneapolis -- Target Corp. admitted Friday that “strongly encrypted PIN data” was removed during the hacking that compromised some 40 million credit- and debit-card accounts between Nov. 27 and Dec. 15. The retailer said it remains “confident” that customers’ PIN numbers are safe and secure.
“Target does not have access to nor does it store the encryption key within our system, the chain said in a release. “The PIN information is encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor. What this means is that the “key” necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident.”
Target is already facing an array lawsuits, mostly from customers accusing the company of failing to safeguard their information.
Senator Robert Menendez (D-N.J.) said Thursday he sent a letter to the head of the Federal Trade Commission requesting an update regarding the breach. Menendez, who is a member of the Senate Banking Committee, has also said he is looking into whether the FTC can fine firms when such data breaches occur.