Categories: SecurityWorkspace

Target Reassures Customers Over Security Following Massive Breach

US retail giant Target is still reeling from the impact of a massive data breach affecting 40 million credit and debit card accounts, though the company is now emphasising that things are not quite as bad as some might think.

Target publicly acknowledged on 19 December that its US retail stores had been the victim of a data breach.

Encryption

In the days since, few details on the actual method used by attackers to exploit Target have been officially disclosed, though Target has provided new insight into some of its own security practices.

The Target hack targeted point-of-sale payment systems, including those used by retail consumers to enter their debit card PIN. In order for anyone to use a debit card, a PIN number is required, making the security of the PIN information an extremely critical component of any retailers’ infrastructure.

In a public media update published on 27 December, Target stressed that its customers’ PIN information was strongly encrypted using the Triple Data Encryption Standard (DES).

“The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems,” Target stated.

Going a step further, Target noted that it does not hold the Triple DES encryption keys within its own system and the data can only be decrypted by a payment processor.

“What this means is that the key necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident,” Target stated. “The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken.”

Legal action

While Target has continued to reassure its customers that it is doing everything in its power to limit the risk, the legal implications of the breach are coming to the surface as well.

Multiple lawsuits have been filed across the United States by Target customers in regards to the credit and debit card information theft.

Target is working to keep Attorney Generals across the United States informed about its activities and the data breach. Target Executive Vice President and General Counsel Tim Baer hosted a call on 23 December with the majority of state Attorneys General about the breach.

“We are committed to keeping the attorneys general informed as the ongoing investigation moves forward and will host a follow-up call with them the week of 6 January,” Target stated.

Are you a security pro? Try our quiz!

Originally published on eWeek.

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

12 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

12 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

13 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

15 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

18 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

18 hours ago