America

Target: Encrypted Data Were Taken, But Not The Key To Unlock

The scene outside a Target store in Brooklyn on Black Friday, Nov. 29. i i

The scene outside a Target store in Brooklyn on Black Friday, Nov. 29. Eric Thayer /Reuters /Landov hide caption

itoggle caption Eric Thayer /Reuters /Landov
The scene outside a Target store in Brooklyn on Black Friday, Nov. 29.

The scene outside a Target store in Brooklyn on Black Friday, Nov. 29.

Eric Thayer /Reuters /Landov

Though hackers did obtain "strongly encrypted PIN data" when they got into Target's information systems, the retailer said Friday that sensitive information from customers' debit cards should not be at risk.

Target posted this explanation:

"When a guest uses a debit card in our stores and enters a PIN, the PIN is encrypted at the keypad with what is known as Triple DES. Triple DES encryption is a highly secure encryption standard used broadly throughout the U.S.

"Target does not have access to nor does it store the encryption key within our system. The PIN information is encrypted within Target's systems and can only be decrypted when it is received by our external, independent payment processor. What this means is that the 'key' necessary to decrypt that data has never existed within Target's system and could not have been taken during this incident."

So the hackers have data that they can't open up, Target says.

Our earlier headlines about what happened at Target's stores over the holiday shopping season and the aftermath:

Breach At Target Stores May Affect 40 Million Card Accounts

JPMorgan Chase Places Limits On Cards Used At Target Stores

Customers Sue Target Over Credit Card Breach

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.