14 DAY TRIAL // Sources familiar with the investigation into the Target breach have told Reuters that the hackers appear to have obtained PIN data. However, the retailer’s representatives are denying the allegations.
If the cybercriminals obtained the PINs associated with the 40 million compromised payment cards, they could easily clone them and make fraudulent ATM withdrawals.
The senior payments executive who talked to Reuters said that the PIN data stolen by the attackers was encrypted, but at least one major US bank was concerned that the information could be decrypted.
However, Target representatives are denying that PIN data has been obtained by the hackers.
“We continue to have no reason to believe that PIN data, whether encrypted or unencrypted, was compromised. And we have not been made aware of any such issue in communications with financial institutions to date,” Target spokeswoman Molly Snyder told Reuters.
On the other hand, Snyder notes that they’re at a very early stage of their criminal and forensic investigation.