Target Breach PINs: Hackers Got PIN Numbers in Breach, Report Says

December 26, 2013 Updated: December 26, 2013

Target’s card breach included the hackers obtaining PINs, a source told Reuters.

“The hackers who attacked Target Corp (TGT.N) and compromised up to 40 million credit cards and debit cards also managed to steal encrypted personal identification numbers (PINs), according to a senior payments executive familiar with the situation,” the news agency reported.

But Target spokeswoman Molly Snyder said “no unencrypted PIN data was accessed” and there was no evidence that PIN data has been “compromised.” She confirmed that some “encrypted data” was stolen, but declined to say if that included encrypted PINs.

“We continue to have no reason to believe that PIN data, whether encrypted or unencrypted, was compromised. And we have not been made aware of any such issue in communications with financial institutions to date,” Snyder said by email. “We are very early in an ongoing forensic and criminal investigation.”

Target officials say the breach involves purchases at retail stores in the U.S. between Nov. 27 and Dec. 15. They say online purchases were not affected.

At least two state attorney generals have warned Target customers to keep an especially close eye on their billing statements this holiday season in the wake of a financial security breach.

Nevada’s AG Catherine Cortez Masto says Nevadans need to be vigilant in reviewing their credit and debit card statements following the hack.

Cortez Masto warns to also be wary of calls and email “phishing” scams that claim to offer protection, but really are intended to obtain personal information and capitalize on the fraud.

West Virginia Attorney General Patrick Morrisey added that consumers who shopped at Target during this time should closely monitor their accounts and report fraudulent or suspicious purchases.

Consumers also may receive calls, texts, or emails from someone claiming to be from Target asking for Social Security numbers, credit card numbers and other personal information.

Morrisey says the best thing for consumers to do if they receive fraudulent communications from someone alleging to be affiliated with Target is to hang up and call Target to confirm the communication is legitimate.

The Associated Press contributed to this report.

Follow Zachary on Twitter: @zackstieber