In addition to the roughly 40 million holiday shoppers that had their credit and debit card accounts stolen, Target Corp. announced Friday that PIN data was accessed in the breach.
The company insisted the PIN numbers are safe and secure, saying in a release they "remain confident" in the encryption system used at Target stores.
The system, known as Triple DES, uses keypad encryption that does not allow for data to be uncoded by a Target security breach, according to the company.
"The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems ... The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken," Target Corp. said.
In addition to Target's internal investigation, the U.S. Department of Justice is also looking into how the Minneapolis-based retailer's security might have been breached.
Affected customers made in-store purchases at U.S. stores between Nov. 27 and Dec. 15. Security experts say it's the second-largest credit theft in United States history.
Target patrons who suspect their information was compromised are asked to contact the chain at 866-852-8680. The company has also created a webpage dedicated to answering customers questions about the breach.