Read time: 2 minutes

Attention, Target Shoppers: Change Your PIN.

The November-December hack of Target's point of sale machines gave hackers your PIN
Attention, Target Shoppers: Change Your PIN.
Image from:

Yikes. If you were one of those who shopped at Target during the time their point of sale machines were hacked, you need to take action, even if there has been no unusual account activity. Target has now confirmed that PIN numbers were obtained as part of the hack:

Target has confirmed that encrypted debit card PIN data was stolen as part of the massive hack carried out against the retailer between late November and early December. The company previously admitted that card numbers, expiration dates, and security codes were compromised in the attack that affected 40 million customers. That data has already started appearing on the black market, which in turn has put financial institutions across the US on high alert as banks look to protect customers from fraudulent activity.

Target says it remains confident that identification numbers are "safe and secure" thanks to the Triple DES encryption it uses to protect sensitive data. “The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems,” the company said in a statement. When you make a debit purchase at one of Target's stores, your card information is "encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor,” the retailer says. "What this means is that the ‘key’ necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident." To underline that point, Target closes its latest update on the incident by saying, "The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken."

Forgive me if I'm unwilling to take them at their word on the encryption claim that my PIN is safe and secure. I wasn't one of the shoppers caught by the hack, but others in my household were.

If you shopped at Target during the time the hackers were harvesting PINs, card numbers, and the rest, I highly recommend that you change your PIN and watch your account like a hawk for activity like this:

He suggested you keep a very close eye on your accounts because thieves often start with relatively small innocuous-looking purchases -- perhaps something from iTunes or maybe a gas station.

"What these guys will do is they'll start to nibble. They'll do a $1 or $2 test charge," he explained. "It might be really something kind of menial."

Basically the bad guys are trying to determine if the card is active. Once those little charges go through, bigger ones will follow.

"Generally what they're doing is they're going and getting a large gift card," Colburn continued. "It's almost like they're laundering the money."

We Need Your Help Now More Than Ever

For 17 years we have been exposing Washington lies and untangling media deceit, but now Facebook and social media are drowning us in an ocean of right wing lies. Please give a one-time or recurring donation, or subscribe for an ad-free experience.

More C&L Coverage


New Commenting System

Our comments are now powered by Insticator. In order to comment you will need to create an Insticator account. The process is quick and simple. Please note that the ability to comment with a C&L site account is no longer available.

We welcome relevant, respectful comments. Any comments that are sexist or in any other way deemed hateful by our staff will be deleted and constitute grounds for a ban from posting on the site. Please refer to our Terms of Service (revised 3/17/2016) for information on our posting policy.

Please Do Not Use the Login Link at the Top of the Site.

In order to comment you must use an Insticator account. To register an account, enter your comment and click the post button. A dialog will then appear allowing you create your account.

We will be retiring our Crooks and Liars user account system in January, 2021.

Thank you.
C&L Team