The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
Hackers stole encrypted personal identification numbers (PINs) in the Target data breach, the company confirmed Friday. However, Target says the encryption is strong and they are confident the numbers remain secure.
“I hope they are right because that information, along with the credit and debit numbers of millions of Target customers, has been in the hands of ‘very sophisticated’ criminals for over four weeks and has been, and is probably still being, sold in the black markets,” says Adam Levin, chairman and co-founder of Credit.com and Identity Theft 911. “Just because data is encrypted is not an absolute guarantee it is completely protected.”
Reports of stolen PINs surfaced about a week after Target announced the breach, which impacted 40 million customer credit and debit cards used at U.S. stores between Nov. 27 and Dec. 15. The company says the data is encrypted at the point of sale and remains encrypted until after it is accepted by the company’s external, independent payment processor. Target does not have access to the encryption key, and it was not stolen during the breach, the company said.
In the past few days, Target has told consumers they will offer free credit monitoring to all who were impacted by the breach and that customers do not need to contact the company unless they find unauthorized charges to affected accounts.
If actual PINs become accessible to hackers, then they could gain unauthorized access to accounts associated with those cards. Further, the PINs could become the gateway to more of the cardholders’ personal information, heightening the risk for identity theft, Levin says. For instance, a lot of people use their birthdays for PINs.
“Many people use PINs universally,” Levin says. “Change your PIN every place else. At least change it on that card immediately.”
You should always keep a close eye on financial accounts, but it’s an especially important habit to practice in the wake of security failures. Checking credit and debit card statements is a good day-to-day strategy for spotting unauthorized transactions, and tracking your credit scores on a monthly basis is another way to watch out for changes in credit activity. Credit.com offers a free tool called the Credit Report Card, which allows consumers to check their credit scores every 30 days, along with breakdown of the information in the consumers’ credit report.
Target has said customers will not be liable for any fraudulent transactions made with stolen card information, but breach victims would be wise to stay alert and try to avoid the hassle that comes with them.
Image: Otisfrog, via Wikimedia Commons
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams