Turns out Target lied, big surprise…
Earlier this week we reported on one of the biggest credit card scams ever undertaken by hackers in the history of modern commerce, and it looks like the damage is far worse than any of us could have imagined. According to an anonymous tip from a senior payments executive at JPMorgan Chase bank, the encrypted PINs were lifted at the same time as the rest of the data, and Target knowingly withheld the information in an attempt to downplay the severity of the situation this close to their biggest shopping season of the year.
Of course, a spokeswoman for Target immediately fired back at these allegations, claiming “no encrypted PIN data was accessed”, and that so far no evidence had surfaced that those responsible for the attack had gained unauthorized access to the file that contains the vulnerable numbers.
It’s likely the hackers will wait several weeks at least before we start seeing any kind of actual money being transferred out of Target shopper’s accounts, and one bright spot in an otherwise dim situation is that although the data was stolen, it’s sitting under several layers of financial-level encryption — which is known to be some of the most difficult and resource-intensive to crack. With 40 million bits of data to go through, it’s unlikely that anyone but the highest priced of targets will see a change in their bank statement in the next few months.
As a measure of caution many major banks have lowered the limits on cash withdrawals for ATMs and their branches, as well as issuing millions of new credit cards to customers who had any activity from Target on their statement during the three weeks the retailer was under attack.
Make sure to stay tuned to VPN Creative for all the latest updates on this once-in-a-generation hack.