By Gilad Parann-Nissany
January 1, 2014 10:00 AM EST
It seems Target got breached, really seriously, and 40 million credit card PINs were stolen. However – and here is the ‘glass half full’ part in what otherwise would be a complete disaster – since the master key for the encryption of the credit card PINs was separate from the breached Target system, it is claimed the bad guys cannot decrypt those PINs. Target is therefore able to claim a kind of ‘Safe Harbor’: that the key to decrypt the data could not have been taken, and “The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken”.
As security breaches multiply, and especially with the risks associated with cloud computing, security in the cloud should follow strong principles – even stronger than what Target did – so that even if something bad happens you can still have Safe Harbor. We recently talked about Safe Harbor at length in the specific context of healthcare, but it holds equally for credit cards.