Yikes. If you were one of those who shopped at Target during the time their point of sale machines were hacked, you need to take action, even if there has been no unusual account activity. Target has now confirmed that PIN numbers were obtained as part of the hack:
Target has confirmed that encrypted debit card PIN data was stolen as part of the massive hack carried out against the retailer between late November and early December. The company previously admitted that card numbers, expiration dates, and security codes were compromised in the attack that affected 40 million customers. That data has already started appearing on the black market, which in turn has put financial institutions across the US on high alert as banks look to protect customers from fraudulent activity.
Target says it remains confident that identification numbers are "safe and secure" thanks to the Triple DES encryption it uses to protect sensitive data. “The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems,” the company said in a statement. When you make a debit purchase at one of Target's stores, your card information is "encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor,” the retailer says. "What this means is that the ‘key’ necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident." To underline that point, Target closes its latest update on the incident by saying, "The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken."
Forgive me if I'm unwilling to take them at their word on the encryption claim that my PIN is safe and secure. I wasn't one of the shoppers caught by the hack, but others in my household were.
If you shopped at Target during the time the hackers were harvesting PINs, card numbers, and the rest, I highly recommend that you change your PIN and watch your account like a hawk for activity like this:
↓ Story continues below ↓
He suggested you keep a very close eye on your accounts because thieves often start with relatively small innocuous-looking purchases -- perhaps something from iTunes or maybe a gas station.
"What these guys will do is they'll start to nibble. They'll do a $1 or $2 test charge," he explained. "It might be really something kind of menial."
Basically the bad guys are trying to determine if the card is active. Once those little charges go through, bigger ones will follow.
"Generally what they're doing is they're going and getting a large gift card," Colburn continued. "It's almost like they're laundering the money."