Target Corp. said cybercrooks gained access to "strongly encrypted" personal identification numbers when they hacked their way into its systems and collected data on about 40 million customer credit and debit card accounts during the holiday season.
The retailer said Friday that it remained "confident" that PINs were "safe and secure."
PINs are encrypted as customers enter them at keypads at checkout through a protection program known as Triple DES encryption, according to Target.
The PIN information stays encrypted within Target's system and "remained encrypted when it was removed," the Minneapolis company said.
The code can be cracked only when the information is received by Target's external, independent payment processor, according to the retailer.
"What this means is that the 'key' necessary to decrypt that data has never existed within Target's system and could not have been taken during this incident," the company said.