Categories: SecurityWorkspace

Target Reassures Customers Over Security Following Massive Breach

US retail giant Target is still reeling from the impact of a massive data breach affecting 40 million credit and debit card accounts, though the company is now emphasising that things are not quite as bad as some might think.

Target publicly acknowledged on 19 December that its US retail stores had been the victim of a data breach.

Encryption

In the days since, few details on the actual method used by attackers to exploit Target have been officially disclosed, though Target has provided new insight into some of its own security practices.

The Target hack targeted point-of-sale payment systems, including those used by retail consumers to enter their debit card PIN. In order for anyone to use a debit card, a PIN number is required, making the security of the PIN information an extremely critical component of any retailers’ infrastructure.

In a public media update published on 27 December, Target stressed that its customers’ PIN information was strongly encrypted using the Triple Data Encryption Standard (DES).

“The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems,” Target stated.

Going a step further, Target noted that it does not hold the Triple DES encryption keys within its own system and the data can only be decrypted by a payment processor.

“What this means is that the key necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident,” Target stated. “The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken.”

Legal action

While Target has continued to reassure its customers that it is doing everything in its power to limit the risk, the legal implications of the breach are coming to the surface as well.

Multiple lawsuits have been filed across the United States by Target customers in regards to the credit and debit card information theft.

Target is working to keep Attorney Generals across the United States informed about its activities and the data breach. Target Executive Vice President and General Counsel Tim Baer hosted a call on 23 December with the majority of state Attorneys General about the breach.

“We are committed to keeping the attorneys general informed as the ongoing investigation moves forward and will host a follow-up call with them the week of 6 January,” Target stated.

Are you a security pro? Try our quiz!

Originally published on eWeek.

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

Elon Musk Questions X’s Ban In China, After TikTok Ban

With Donald Trump moving to strike down US ban on TikTok, Elon Musk questions why…

11 hours ago

Russian State-Linked Hackers Target WhatsApp Accounts, Warns Microsoft

Microsoft warns the WhatsApp accounts of US government officials are being targetted by Russian hacking…

12 hours ago

Donald Trump, Melania Trump Launch Separate Cryptocurrencies

Two new cryptocurrencies are established, as $Trump and $Melania is launched by both Donald Trump…

14 hours ago

TikTok Restores Service In US After Trump Pledge

After Trump says he will issue executive order on Monday, TikTok began restoring service on…

17 hours ago

Amazon Pauses Drone Deliveries After Crashes

Another delay. Amazon deliveries by drone in Texas, Arizona paused after aircraft reportedly crashed in…

21 hours ago

TikTok Switched Off In US Ahead Of Ban Deadline

TikTok goes dark in the United States on Saturday, ahead of America's nationwide ban on…

1 day ago