Although at the present time, Target continues to maintain that although 40 million debit and credit card numbers were stolen in the recent second largest retail hacking in American history, the all important PINs for the debit cards that were part of the hacking were not stolen, reports continue to indicate that PINs were indeed among the information taken by the hackers, but that the PINs were encrypted.  Target may be playing semantics with the public by saying that “no unencrypted PIN data was accessed” and that there presently there is no evidence that PINs have been compromised for the hacked debit cards.  It may well be that encrypted PINs among the data stolen.  If so, there should be real concern on the part of debit card holders whose information was compromised because sophisticated hackers have shown the ability to crack encryption of PINs in the past.


As I have often advised in the past, retail purchases are much safer when done with a credit card than with a debit card.  If fraudulent charges are made to a person’s credit card, federal law limits the amount of liability to the card holder to no more than $50 and most banks don’t even hold the card holder responsible for any fraudulent charges, however with debit cards, the amount of liability that attaches to the debit card user if he or she does not notice the fraud within two days rises to $500 and if the fraud goes undiscovered for 60 days, there is absolutely no limit on the amount of liability of the debit card holder.  A hacked debit card holder risks losing his or her entire bank account.  And even if he or she does notice the fraudulent activity immediately, the bank account to which the debit card is tied is frozen while the bank investigates the fraud.  Don’t use a debit card for any other use other than as an ATM card.  If you have used your debit card at Target during the affected period of November 27th and December 15th, you should check the activity on your bank account to which the card is tied daily online to look for unauthorized activity and if you find any, report it immediately to your bank.