Published December 27, 2013
Target said Friday that debit-card PIN numbers were among the financial information stolen from millions of customers who shopped at the retailer earlier this month.
The company said the stolen personal identification numbers, which customers type in to keypads to make secure transactions, were encrypted and that this strongly reduces risk to customers.
In addition to the encrypted PINs, customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on back of the cards were stolen from about 40 million credit and debit cards used at Target between Nov. 27 and Dec. 15.
"The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems," Molly Snyder, a spokeswoman from the company, said in a statement.
The announcement comes as federal lawsuits are beginning to trickle in from customers around the U.S. The Department of Justice told FoxNews.com Friday that it is investigating the Target data breach. Target said that it's cooperating with the DOJ's probe.
However, Gartner security analyst Avivah Litan said Friday that the PINs for the affected cards are not safe and people "should change them at this point."
By Monday evening, more than a dozen Target customers had filed federal lawsuits, with some accusing Target of negligence in failing to protect customer data. The recent security breach involving about 40 million credit and debit card accounts.
Target has been trying to deal with fallout from the breach during what is typically the busiest shopping season of the year.
Target has said that it told authorities and financial institutions once it became aware of the breach on Dec. 15. The company issued an apology to customers and doubled the number of workers taking calls from customers around the clock. It also offered 10 percent off to customers who wanted to shop in its stores on Saturday and Sunday and free credit-monitoring services to those who are affected by the issue.
But there are early signs that some shoppers are scared off by the breach.
Before this incident, Target had a chance of at least a decent Christmas. Now, it will be mediocre at best," said Craig Johnson, president of Customer Growth Partners, a retail consultancy.
Target explained in Friday’s statement that its systems do not store PIN information and these numbers can only be decrypted by an external payment processor.
"The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken," the statement said.
Fox News' Edmund DeMarche and the Associated Press contributed to this report