The Missouri attorney general’s office is “aggressively” seeking information from Target concerning how information on credit and debit cards used at its stores was obtained in a data breach.
Consumer Protection Division Chief Counsel Joe Bindbeutel says his office could act it if is determined that Target was negligent in protecting Missouri consumers.
“We are going to be very, very careful in our examination and our investigation of this matter,” Bindbeutel said. “We have teamed up with a number of different states to pool our resources and pool our information about this matter.”
Bindbeutel said before his office would decide to act it must know more about how Target responded to the breach and how the company encrypts its data. He compared this breach to one at Schnucks earlier in 2013 in which an estimated 2.4 million customers were impacted.
“In the Schnucks instance the Personal Identification Numbers were, we believe, unaffected,” Bindbeutel said. “That information was not stolen from Schnucks. With Target the investigation is ongoing but it looks like if not stolen, these PINs could be easily de-encrypted and used.”
Target said late last week that its investigation revealed the breach had included PINs, but it felt they were safe because they were encrypted. Bindbeutel said his office is not convinced of that and encourages anyone who shopped at Target between Nov. 27 and Dec. 15, 2013, using a card with a PIN to change it.
With Target the investigation is ongoing but it looks like if not stolen, these PINs could be easily de-encrypted and used.”