Target says customers' encrypted PIN data was removed during the massive data breach that occurred earlier this month. Previously Target had said that encrypted data was stolen but stopped short of identifying it as PIN numbers. But the company issued a s
"BartSimpson" said The Elephant in the room that no one seems to be asking is "Why are they recording PINs anyhow?" What business purpose could it serve?
If they don't have your PIN then they can't help themselves to your money when they want to.
Eggzaktlee. And they make their payment systems specifically chip-card incompatible so that they have the ability to record this information. But since they can't seem to keep their in-store-only data from escaping on the internet and creating huge privacy breaches, I still can't think of a business case where that makes sense. I also can't think why Provincial Privacy Commissioners across Canada let them keep this information.
Then again, I can't understand people giving them the data, their phone number and an email address in the first place.
"DrCaleb" said The Elephant in the room that no one seems to be asking is "Why are they recording PINs anyhow?" What business purpose could it serve?
Target said it doesn't have access to nor does it store the encryption key within its system, and the PIN information can only be decrypted when it is received by the retailer's external, independent payment processor. ... In 2009 computer hacker Albert Gonzalez pleaded guilty to conspiracy, wire fraud and other charges after masterminding debit and credit card breaches in 2005 that targeted companies such as T.J. Maxx, Barnes & Noble and OfficeMax. Gonzalez's group was able to decrypt encrypted data.
This is what happens when people assume that encryption is infallible. In a POS system you have to store the encrypted data at least briefly, and you can bet that the "retailer's external, independent payment processor" assured them that once data is encrypted nobody can ever decrypt it without the key.
I laughed when they said that too. PINs are 5 digits max, 100,000 combinations, usually 4 digits for 10,000 combinations. With a population of 10 million PINs, there will be some overlap. Figuring out the encryption keys won't be an 'NP complete' kind of a problem.
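The overlap described in the last post, as an added example that is not part of the thread: under one fixed key and a deterministic cipher, 4-digit PINs encrypted on their own collapse to at most 10,000 distinct ciphertexts, while binding each PIN to its account number before encryption yields one ciphertext per card. HMAC-SHA256 stands in for the block cipher here, and the key, account numbers and PINs are all constructed sample values.

```python
import hashlib
import hmac
import random


def det_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for a block cipher under one fixed key (assumption):
    deterministic, so equal input blocks always give equal outputs."""
    return hmac.new(key, block, hashlib.sha256).digest()[:8]


def make_records(n: int, seed: int = 1):
    """Constructed sample data: n (account number, 4-digit PIN) pairs."""
    rng = random.Random(seed)
    return [
        (f"{4000000000000000 + i:016d}", f"{rng.randrange(10_000):04d}")
        for i in range(n)
    ]


def distinct_ciphertexts(records, key: bytes, bind_account: bool) -> int:
    """Count distinct ciphertexts when the PIN is encrypted alone
    versus combined with the account number first."""
    seen = set()
    for account, pin in records:
        block = (account + ":" + pin) if bind_account else pin
        seen.add(det_encrypt(key, block.encode()))
    return len(seen)


if __name__ == "__main__":
    key = b"constructed-demo-key"  # sample key, not a real one
    records = make_records(200_000)
    alone = distinct_ciphertexts(records, key, bind_account=False)
    bound = distinct_ciphertexts(records, key, bind_account=True)
    print(f"records:               {len(records)}")
    print(f"distinct, PIN alone:   {alone}")
    print(f"distinct, PIN+account: {bound}")
```
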