Target: Customers' encrypted PINs were obtained

Target now says payment card PIN numbers were included in the recent theft of some 40 million customer credit and debit card numbers.

The company, though, says files containing the numbers are encrypted and it doubts the encryption can be cracked to reveal PIN numbers.

The PIN information is encrypted within Target's systems and can only be decrypted when it is received by the retailer's external, independent payment processor, the retailer said, adding that the key necessary to decrypt that data has never existed within Target's system and could not have been taken during this incident.

Target says customers debit card accounts have not been compromised due to the encrypted PIN numbers being taken.

Previously, Target had said there was "no indication that there has been any impact to PIN numbers," assuring customers that "someone cannot visit an ATM with a fraudulent card and withdraw cash."

Consumer Reports recommends people should replace debit and credit cards whose numbers were stolen at Target stores by hackers. The magazine says people should seek new cards even if fraudulent charges have yet to show up. Consumer Reports says replacing the cards is the easiest and most certain way to preclude fraud.