Target says the personal identification numbers that were obtained along with other information on some 40-million debit and credit cards used at its stores was encrypted, and is therefore safe. The Missouri Attorney General’s Office isn’t convinced.
Chief Counsel for its Consumer Protection Division Joe Bindbeutel says, “Whether or not (those) can be easily de-encrypted is a subject of some debate between those investigating this incident and Target at this point.”
Bindbeutel says Target is right to say that some level of encryption was used on those numbers, but his office feels they there is no guarantee they are safe.
“It is our position that those PINs by themselves and with the available technology right off the internet are in a position where they could be de-encrypted fairly readily,” says Bindbeutel.
He recommends anyone who shopped at Target between November 27 and December 15 using a card with a PIN have that number changed.
“It is a very simple process to do. You contact your bank or credit card issuer. It can usually be done over the internet.”
Bindbeutel says his office is working with counterparts from other states and could take legal action against Target it if is determined the company didn’t do enough to protect Missouri consumers.
The Attorney General’s Office estimates as many as 500-thousand Missourians’ credit and debit cards might have been exposed in the Target breach.