Via CBS:
Target Corporation has confirmed that encrypted PIN data was stolen as part of the security breach earlier this month, which resulted in the theft of information for an estimated 40 million Target shoppers.
Target said that while the PIN data was stolen, the company remains “confident that PIN numbers are safe and secure.”The company said that the encryption key was not stored within their system, and thus could not have been taken during the data breach. “The PIN information is encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor,” the company said in a press statement. Meanwhile, CBS News is reporting that consumer reaction to their response to the theft was not encouraging.
YouGov’s BrandIndex, which reports from an online panel of 2.5 million people to measure how consumers rate corporate reputations, says that the Target brand had plunged by 35 points on a 200-point sliding scale during the day following the company’s disclosure of the hack. The index ranges from 100 points on the high end to -100 points on the low end.
Target’s brand was at 26 points on the scale the week before news of the breech broke. It dropped to -9 on Dec. 20. It has since slid further, standing at -19 points on the BrandIndex scale on Dec. 23, despite the company’s offer of a 10 percent discount and an offer for free credit monitoring. CBS News reports that many have avoided shopping at Target, canceled their Target credit cards, and may even be planning to sue the company.