Target Black Friday 2013: Target confirmed that encrypted debit card PIN data was stolen in the Black Friday 2013 security breach.
A Target spokesperson said "While we previously shared that encrypted data was obtained, this morning through additional forensics work we were able to confirm that strongly encrypted PIN data was removed. We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems."
Criminals are already selling Target customers' credit and debit card data on the black market. A single card can fetch up to $100. Consumer watchdogs urge customers who shopped at Target during the Black Friday time period to check their credit card statements. Custoners should change their PIN in the aftermath of the massive breach that happened at Target Stores on Black Friday.
People who shopped at Target between Black Friday and the beginning of December should look for any purchases, no matter how small, that might show fraudsters using their account. Target customers are also being urged to contact their banks to request a replacement card and change their PIN. 
Santander Bank caps on customer purchases and withdrawals made with compromised credit and debit cards. Chase also imposed a money limit.
The Target Black Friday breach was caused by malware on store point-of-sale systems. Target is cooperating with the fed, including the braches Secret Service and Department of Justice. At the request of law enforcement Target is withholding additional details, but said its legal team held a conference call with most states' attorneys general on Monday afternoon.
Target also hired a private firm to review its information security. Two U.S. senators urged consumer protection agencies to investigate to Black Friday breach.On Saturday JPMorgan Chase contacted about 2 million affected debit card members Saturday and said they would be limited to a maximum of $100 cash withdrawals and $300 in purchases per day. Chase put daily cash and spending limits on debit cards that were used at Target stores that could be susceptible to fraud. In the middle of Christmas shopping season Chase spokeswoman Kristin Lemkau said less than 10 percent of Chase customers are affected.
Chase customers will be limited to withdrawing no more than $100 a day from ATMs on debit cards affected by the Target Black Friday Breach. The stolen data included names, numbers, expiration dates and data taken from the magnetic strip when credit or debit cards are swiped.
In a statement issued on Friday Target's CEO Gregg Steinhafel apologized and said Target added workers to field calls and help solve website issues. Target is also offering free credit-monitoring services to those who've been affected by the issue.
On Friday, Target reiterated that the stolen data included customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip found on the backs of cards, Target said.
Target Hackers got encrypted PIN data. Hackers who stole data at Target stores on Black Friday reportedly accessed the associated encrypted personal identification numbers (PINs) too. The numbers could be used to make fraudulent withdrawals. 
Reuters quoted "a senior payments executive familiar with the situation." Target says that unencrypted PINs were not accessed during Black Friday breach and that there was no evidence that PINs were compromised. The Secret Service and Justice Department are investigating.
In an email earlier this week. Target downplayed the breach. Target spokeswoman Molly Snyder said  "We continue to have no reason to believe that PIN data, whether encrypted or unencrypted, was compromised. And we have not been made aware of any such issue in communications with financial institutions to date. We are very early in an ongoing forensic and criminal investigation."
Stolen credit and debit card accounts are already flooding underground black markets. The cards were stolen during a security breach at Target stores starting on Black Friday 2013.  The cards are being sold in batches of one million cards.
According to KrebsOnSecurity, the Target Black Friday cards are being sold from around $20 to more than $100 each. The Target Black Friday incident is the second-largest credit card breach in U.S. history. In 2005 at least 45.7 million card users were scammed in a breach involving retailer TJX Cos.
KrebsOnSecurity is a security news site that has been on top of the Target Black Friday breach. KrebsOnSecurity says there are hundreds of online stores worldwide that sell stolen credit and debit cards from banks. Their reporters spoke to a fraud analyst at a major bank. The analyst said his team infiltrated an online store that advertised in cybercrime forums. The store advertised itself as a place where thieves can buy stolen cards. The fraud analayst was able to buy a portion of the bank's accounts.
The fraud analyst said the purchase was made before the Target Black Friday breach was announced.  40 million credit and debit card customers were affected when Target, the nation's second-retailer, was hit by a data breach. Customers who shopped at Target after Thanksgiving through Dec. 15 are susceptible to fraud. Target announced it will offer a 10% discount as a credit fraud apology.