Target might truly believe that customers’ PIN information is safe. But The New York Times raised questions about such confidence. We realize businesses do not want to create unnecessary panic, but Target should still lay out all the possibilities for customers. If the company disputes those outside expert opinions, Target should be proactive and explain why.
When issuing statements, Target needs to acknowledge, which it has in some cases, the facts are continuing to flow in and information could change. Companies do not want The New York Times to report as it did, “On Friday, a Target spokeswoman backtracked from previous statements and said criminals had made off with customers’ encrypted PIN information as well.”
Two days before The New York Times article, Reuters reported the following:
Target spokeswoman Molly Snyder said “no unencrypted PIN data was accessed” and there was no evidence that PIN data has been “compromised.” She confirmed that some “encrypted data” was stolen, but declined to say if that included encrypted PINs.
“We continue to have no reason to believe that PIN data, whether encrypted or unencrypted, was compromised. And we have not been made aware of any such issue in communications with financial institutions to date,” Snyder said by email. “We are very early in an ongoing forensic and criminal investigation.”
On its website, Target makes a very confident statement, “PINs are safe and secure.”
Some people have posted to Target’s Facebook page implying the company doesn’t really know what’s going on with the security breach.