According to senior payment executives involved in the recent breach of Target credit and debit card information, hackers may have been able to steal encrypted personal identification numbers, or PINS, to the victim's stolen card numbers, Reuters reported.
Molly Snyder, a spokeswoman for Target, said in a statement that "no unencrypted PIN data was accessed" and added that in the current early steps of the investigation there is no evidence that PIN data was stolen or "compromised," Snyder said, according to Reuters.
Snyder did add that encrypted data, the ones which may contain PIN data information, was stolen but she did not elaborate on whether that data included the PINS, Reuters reported.
"We continue to have no reason to believe that PIN data, whether encrypted or unencrypted, was compromised. And we have not been made aware of any such issue in communications with financial institutions to date," Snyder said by email, Reuters reported. "We are very early in an ongoing forensic and criminal investigation."
The issue troubling the major U.S. banks involved in the Target security breach is that the encrypted data which was stolen will allow for "sophisticated" hackers to crack the encryption code to make withdrawals from the victim's bank accounts, Reuters reported.
The encrypted codes which were stolen could keep amateur hackers from decoding the "digital keys to customer bank deposits," but not the advanced level of hacker which stole the 40 million pieces of customer financial information, according to Reuters.
Daniel Clemens, the CEO of a cyber security consulting firm named Packet Ninjas, said while some banks lowered debit card limits, others were tentative because they were not positive whether the codes could be encrypted, Reuters reported.
According to Clemens, hackers can decode these pins through various methods, one of which is called a tool known as "RAM scraper" and it saves the pins while they are stored in memory, Reuters reported.
The Target breach began on Nov. 27 and lasted through Dec. 15, with Target only notifying credit card companies on Dec. 18 and the general public on Dec. 19, Reuters reported.
