Ever since news broke of Target's massive security breach, the retailer has said that customers' PIN and debit card data hadn't been stolen. Today, it admitted that actually, it had been—which, according to the Minneapolis Star Tribune, makes the stolen cards significantly more likely to be fraudulently cloned. But Target says it's "confident that PIN numbers are safe and secure" because they were tightly encrypted.
That means to read them, thieves would need a key that Target says never even existed in its system—the second customers put in their number, it was encrypted and sent to a third-party payment processor. An independent security expert tells CNNMoney that it would be "difficult or impossible to decrypt" Target's algorithm without that key. But an anonymous executive for a major US bank tells Reuters that they're worried nonetheless, and JPMorgan and Santander have both lowered their limits on ATM withdrawals as a precaution. (More Target stories.)