Nightly News   |  December 27, 2013

Could thieves crack PIN codes stolen from Target?

After a massive data breach of debit and credit cards for 40 million Target customers, the retail giant revealed Friday hackers had also stolen encrypted personal identification numbers – the company insists that data can’t be unlocked, but some security experts say there’s still reason to worry. NBC’s Gabe Gutierrez reports.

Share This:

This content comes from Closed Captioning that was broadcast along with this program.

>>> good evening. i'm natalie morales in for brian williams . tonight the target debit and credit card security breach affecting an estimated 40 million customers is once again our lead story. as we heard from the company today that, in fact, customers' encrypted pin numbers were stolen along with nape names and card numbers. but target still believes the pin codes can't be cracked. while there is no evidence yet to suggest the cyber criminals have managed to do that, many tech experts say there is reason to worry. gabe gutierrez joins us from atlanta with the latest. good evening, gabe.

>> reporter: natalie, good evening. target initially said no pin data had been stolen. today that changed. the retailer is now insisting that the pin data was strongly encrypted and can't be unlocked. but tonight there are new concerns that the hackers may have been more sophisticated than we first thought. the theft was already one of the t largest data breaches in u.s. history , under investigation by the secret service and the u.s. department of justice . but today target re vealed hackers had also stolen its customers' encrypted personal identification numbers, but the retailer says the thieves can't crack the code and actually use the pins.

>> it makes me leery about going there.

>> target says we remain confident the pins are safe and secure. here's how it works. when a customer swipes a card and enters a pin it is encrypt t and sent to an outside company which unlocks it with a digital key to process payment. since the digital key is not within its system, the hackers could not steal it or unscramble stolen pins.

>> that would take decades for them to crack each pin independently. it's not worth their time to go after the encrypted pins.

>> reporter: other security experts aren't sure.

>> target may be understating the significance. in the past the criminals have decrypted the pins and used it to steal cash from consumers.

>> reporter: also, even if the thieves don't have the key required to unlock someone's pin, many debit card holders use easy to guess numbers like 1234 .

>> 20 years i have had the same number.

>> i think people could figure it out.

>> reporter: jpmorgan chase are replacing all cards. many customers are nervous. carol wickender says days after buying a dvd at target someone charged airline tickets in africa.

>> two charges that totaled $ 1300 .

>> reporter: tonight while the nation's third largest retailer is assuring customers their debit card accounts haven't been compromised it is the target of more than a dozen class action lawsuits. bottom line, if you shopped at target in late november or early december and suspect your credit or debit card may have been compromised experts say to ask your bank for a new card number. natalie?

>> thank you, gabe.