Hackers who stole data from millions of credit cards and debit cards used in Target stores removed encrypted data containing personal identification numbers — but the theft isn't expected to compromise cardholder accounts — the company said Friday.
"We remain confident that PIN numbers are safe and secure," said a statement issued Friday by Target spokeswoman Molly Snyder.
According to the company, Target does not have access to or store the encryption key within the company's computer systems. The data can only be decrypted when it is received by the company's external payment processor, Target said.
"What this means is that the 'key' necessary to decrypt that data has never existed within Target's system and could not have been taken during this incident," the company said, adding "the most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken."
However, class action lawsuits filed against the company in the wake of the massive November-December data breach have alleged that thieves might use the PIN numbers to withdraw money from cardholders' bank accounts.
Similarly, a Reuters report earlier this week said an executive of at least one major bank voiced fear that the thieves would be able to crack the encrypted PIN numbers and victimize cardholders by making fraudulent withdrawals.
Contributing: Mike Snider