The stolen PIN data was "strongly encrypted" when it was removed from Target's systems, and the "key" necessary to decrypt data is not within its system and could not have been taken during the breach, spokeswoman Molly Snyder said in a statement. "We remain confident that PIN numbers are safe and secure."
Snyder declined to say how the criminals accessed the personal identification numbers.
While Target downplayed the significance of the PIN theft, some security experts warned that it exposed customers to a higher level of risk than previously known.
"It means there is potential for gaining access to debit card accounts," said Shane Shook, an executive with the cyber security firm Cylance Inc., who has investigated some of the biggest cyber breaches.
While it is virtually impossible to decrypt a PIN without the digital key to unlock it, Shook said many debit card holders choose easy-to-guess numbers like 1234. He said that in some investigations he has found that more than 20 percent of PINs could easily be guessed.
For the full story: http://www.nbcnews.com/business/target-confirms-encrypted-pins-were-stolen-recent-data-breach-2D11811618
Copyright 2015 Nexstar Broadcasting, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.