it reads, the p.i.n. rmation was fully encrypted at the keypad, remained encrypted within our system and remained encrypted when it was removed from our system. target says there's no reason to believe that that data is not still encrypted. we spoke to security experts who asked if that is not possible for that to be decrypted. they said the likelihood of that will depend on the specifics of the encryption system. if you're a customer who uses a debit card and are concerned about the money in your account, you probably don't want to sit around waiting to see if the hackers can decode some of this, fred. >> we've got an expert to tell us what you do with that kind of information that you're sharing with us now from credit sesame.com. you heard alexandra explaining that the information at target is encrypted and stays encrypted within that keypad. plausible? >> plausible, but trust but verify. look, this hack was not performed by some dude breaking a window and grabbing your microwave and running down the st

the retail giant saying debit card p.i.n. numbers were stolen along with names and card numbers as part of the recent hacking. still, target insists the p.i.n. code information is safe and secure, in a statement, saying "the p.i.n. information was fully encrypted at the keypad, remained encrypted within our system and remained encrypted when it was removed from our systems." the company insists it would be unlikely that hackers would be able to unscramble the data, but some experts remain concerned. >> the encryption itself is actually an industry-grade standard, data encryption standard, and they use something called triple dez, which definitely allows it to be protected. but unfortunately, the problem with p.i.n. numbers is they're only four characters, meaning there are only about 10,000 different combinations you can do in order to get it, so altogether, it's not going to hold up because hackers can do brut forcing to essentially grab those p.i.n. numbers itself. >> reporter: the security breach affecting nearly 40 million

target says when the p.i.n. numbers left the store, they were encrypted and should still be encrypted. but some security experts are saying there are programs out there aim to break the codes, so there's no reason that consumers shouldn't be proactive about taking a few steps to protect themselves now. just a day after saying there was no evidence that personal identification numbers or p.i.n.s were accessed in a massive security breach, a turnaround from target. the retail giant saying debit card p.i.n. numbers were stolen, along with names and card numbers, as part of the recent hacking. still, target insists the p.i.n. code information is safe and secure, in a statement saying, quote, the p.i.n. information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems. the company insists it would be unlikely that hackers would be able to unscramble the data, but some experts remain concerned. >> the encryption itself is an industry data st

target says the p.i.n. numbers are encrypted, so they are still safe. what is your take? >> well, that's what we have to go on. unfortunately, we really don't know for sure if the hackers were able to put in software into the point of sale systems at any of the target stores. it's possible they could have intercepted the information but we really don't know. really, who cares if the hackers got the p.i.n.s because if they got the debit card numbers, they are able to use the debit cards online without the p.i.n. the only thing you need is the code, the cvv code to commit fraud using the cards as long as the debit card allows you to use it as a point of sale card as well. >> you have quite a resume. you have a 100% track record for being able to break into any corporate system for which you have been paid to hack. what is your advice? what advice would you give to target to protect themselves against future hackings? >> target, obviously, they had a huge security issue. they were compromised. we don't know how the hackers got in. obviously, target needs to ramp up their secu

the company does insist though the p.i.n. code information is secure because it's heavily encrypted. the security experts say that may not be enough. >> unfortunately, the problem with p.i.n. numbers is they are only four characters so there's only about 10,000 different combinations that you can do in order to get it. so altogether, it's not going to hold up because hackers can do brute forcing it to essentially grab those p.i.n. numbers. >> even if you haven't noticed any suspicious activity, experts say it's not a bad idea to change your p.i.n. just in case. >>> three more east bay cities will ban plastic bags starting on new year's day. stores and restaurants in el cerrito, richmond and san pablo will no longer provide free plastic bags for purchases. many will have paper bags though available for a small fee. but customers are encouraged to bring their own reusable bags. >>> several new state laws are taking effect in the new year. teenaged drivers will be banned from texting while driving even with hands-free devices. st

in the news, target is admitting that debit card p.i.n. re among the information stolen during that massive security breach. but the retailer says it says the stolen p.i.n.s were incrypted, which reduces the risk to customers. >>> a fire inside a passenger train in india this morning. 23 people were killed and 67 others were injured. officials say most of those who died died of smoke inhalation. >>> and utah's state attorney general is planning to take the fight against same-sex marriage to the u.s. supreme court. he says he will ask the justices to block a lower court ruling earlier this month that struck down the ban on gay unions. since that ban, hundreds of same-sex couples have married in utah. >>> an epic dunk by lebron james lands him in the record books. here it comes. he rang up his 21,819th point in his career, in the game between the miami heat and the sacramento kings. that pushed him past larry bird. his 33 points in that game, they weren't enough. the heat lost. and lebron was injured in the game but not seriously. >> wow. >>>

the problem with p.i.n. numbers is they are only four characters, so there are only 10,000 combinations. it won't hold up, because hacker disbrute for -- hackers can brute force it. >> the advice for all of the people right now is to replace their bank cards and credit cards and to get some new p.i.n. numbers. also, security experts are telling people they need to be looking at their banking and credit card statements carefully, watching for small charges, it could indicate if fraudsters are checking to see if the accounts are active, and sometimes you miss the smaller charges, before you get hit for a bigger charge. >> great point. >> alexandra field, thank you. >>> still to come, the new year is almost here, but you still have time to make sure you don't have to pay the taxman too much. we've got some tips to keep your money in your pocket. that's coming up next. >>> plus, more drama on "duck dynasty," as if we needed any more. a&e does an aboutface on the show's suspended star. side-by-side, so you get the

code information was accessed, but here's the important thing, the p.i.n. nformation was strongly encrypted the key to the encryption was not accessed as part of the breach. in fact targets says the keep to the encryption never even existed within the company's systems. the way this works is, when you swipe your card at targets and punch in your p.i.n., there's a process that translates it into a nearly indecipherable, target says it uses something walled the triple dds to encrypt the p.i.n. codes. experts say it would be difficult to impossible to break the process if the key was robust enough. targets has decline to comment on that further. what a lot of people, though, are wondering is how close the authorities are to identifying the thief who may have accessed up to 40 million customers, the secret service, the u.s. justice department aren't commenting on that. however, brian cribs, a cybersecurity expert who broke the story says he's identified someone in eastern europe who is behind the website that's been selling the target data. that doesn't mean he

once they've tested one number, the algorithm changes the pin p.i.n. o give management a break. they're trying to figure out how they are -- >> it's true target uses the same encryption methods, more or less, that most retailers. i wonder if we haven't focused more on jpmorgan and their response to this, immediately in the case of those, to be proactive about restricting access to customer funds and limit it from being a broader situation. eric, your thoughts, what grade would you give target here? >> i would be more positive. i don't think i've ever worked on a crisis where pundits don't come out and say they get a "d" or an "f." the problem with that is we're all making judgments in this nano cycle that's short term. i think if it turns out that the damage has not been working in a major way, that people have not been bilked out of billions of dollars, they'll recover very well. two years from now, one year from now, we'll talk again and they'll probably get an "a". >> eric, thanks. >> the market doesn't seem to care. the market believes this is a fla

the chip and p.i.n. technology closes these loopholes by requiring a p.i.n. number for the karled holder to make a pruch. it makes it difficult to duplicate. around 80 countries across the world use these cards already compared to 1% in the u.s. it was developed in 1994 with the help of companies like visa and mastercard. stewart mcclaire is the founder and ceo of silence, a security company, from california. stewart, if this credit card that uses these chips is supposedly safer and better, why aren't more americans using them? >> well, i think there's a couple of reasons. first of all, there is an expense to this. it's a massive expense for the banks, the retailers and efforts. you know, at the end of the day, too, they're a political angle to all of this. it is a difficult political decision to be made not just on the expense side but also just what risks do involve this smart chip and p.i.n. system as well. there are risks. they were men in the middle attacks and similar attacks if all indications are correct around the current card attack, some might have

the p.i.n.as fully encrypted at the keypad remained enkrissed within our system and remained encrypted when it was removed from our systems. raj samani says target's analysis of risk related to stolen p.i.n.s seems correct. triple des encryption is strong and there shouldn't be any reason to change your numbers. mark rogers from lookout says there's no such thing as permanently strong encryption. he says, in my world there's no such thing as permanently secured encryption. one process is called hashing, which turns your p.i.n. into random numbers. it cannot be reversed. rogers says this method is favored by his colleagues in the security industry and believes hashing may end up the gold standard of security one day. >> morgan, thanks. it's enough to make you about to bitcoins, isn't it? >> bill such a cynic. >> not enough? >> such a cynic. prime numbers have a lot to do with digital cryptography. >> you're not going math whiz, are you? >> it's fascinating. >> it is. >> we asked has american expr

. >>> they got the p.i.n. numbers. that's what target says about the hackers. target says the numbers are encrypted so the number is small. but the haerks did get names, debit and credit card codes and all the information em wedbedded on the strips. >>> ups and fedex are playing catchup. ups said it will issue refunds to customers who paid for holiday delivery but did not receive their packages in time. the surge created the backlog. the trouble comes as the next part of the shipment season begins after-christmas exchanges and, of course all the returns. >> the investigation into the massacre of the sandy hook elementary school massacre is finally over. state police released the final report along with hundreds of photos. the photos describe in graphic detail what happen ded. 20 first graders and 6 adults died and then adam lanza killed himself. >>> the spacewalk began by place high-resolution cameras outside the station. the goal was to beam it back to earth. when nothing transmitted the astronauts were told to take down the cameras and bring them back for ins

the p.i.n. information was encrypted at the key pad, remained encrypted within our system and when removed from the system. certainly, that should sound comforting to shoppers, a few layers of security. with hackers who are this sophisticated, there are still reasons for shoppers to be concerned. >> i never use my debit card, i use my credit card. what do you do if you are concerned about your debit card information being compromised? >> reporter: the first thing to do, we are talking something that affects 40 million customers. this is a good time to learn about the cards in your wallet. if you have a debit or credit card, understand the difference in fraud liability between the two cards. you are offered more protection with credit cards. people are seeing that knowing their cards could be compromised. >> that is alexandra field reporting for us. no more delays. u.p.s. says customers can breathe a sigh of relief. the massive holiday backlog is now cleared. the shipping service blamed the delays

today the company confirmed that p.i.n. numbers from debit cards were stolen in the security breach. the news comes just one day after target said p.i.n. numbers were not compromised. according to a target spokesman, the p.i.n.s are strongly encrypted and can only be decrypted with a key held by an independent payment processor. target says the key was not stolen. >>> today is the final day to finish signing up for health insurance for those who were unable to do so by monday. the "covered california" website went down for a few hours for maintenance on monday. that happened as hundreds of thousands of people logged on to try and beat the deadline. people in the process of signing up were given until today to finish the process. >>> more than a million out of work americans will not get an unemployment check next week. the federal government's five- year program for those benefits ends tomorrow. the new budget signed by the program does not extend that plan. the senate is working on a bill to restore the benefits for three m

target spokeswoman molly snyder is maintaining the p.i.n.nd we have no reason to believe p.i.n. data was compromised. we have not been made aware of any such issue in communications with financial institutions to do. disturbing if this is the case. you think it happened between a three-week period, november 27 through december 15. yikes. >> it is amazing how quickly they can grab so much. >> yes. >> thank you so much. we'll be back with more. mine was earned orbiting the moon in 1971. afghanistan in 2009. on the u.s.s. saratoga in 1982. [ male announcer ] once it's earned, usaa auto insurance is often handed down from generation to generation because it offers a superior level of protection and because usaa's commitment to serve current and former military members and their families is without equal. begin your legacy. get an auto insurance quote. usaa. we know what it means to serve. hmm. mm-hmm. [ engine revs ] ♪ [ male announcer ] oh what fun it is to ride. get the mercedes-benz on your wish list at the winter event going on now -- but hu

it doesn't look like the card p.i.n. bers were stolen. >> i don't think it's safe anywhere anymore. this happened to me twice in the gas station. it seems to be the sign the times. people can hack into anything. >> target is warning customers to watch out for any unusual activity on their credit card and bank statements. in a statement issued today, the company said it is partnering with a third party forensics term and to examine any additional measures they can take that would be designed to prevent incidents of this kind in the future. the secret service is also looking into this case. >>> from divine intervention to illegal injunction. a new route for relatives of a little girl on life support at oakland children's hospital. tonight, they say they will be asking an alameda county judge to keep jahi on a ventilator. cheryl hurd has the latest. and the hospital, also in a difficult position. >> reporter: they are, indeed, jessica. late tonight, the family of jahi mcmath say they held a meeting with the head of pediatric

target tried to put nervous credit card holders at ease by saying that while the p.i.n. number shoppers enter when they use credit cards were taken, they were encrypted and, "reremain confident p.i.n. numbers are safe and secure." isn't encryption disguising data with complicated code completely safe? experts at silicon valley security giant mcafee say no. >> as the technology has gotten better to increencrypt these, s the technology to decrypt these. >> reporter: mcafee admits encryption, around for decades, commonly used in stores, makes it harder for data to be stolen. think of it as a high-tech security wall. >> it's like the decoder ring you had when you were a kid, diyky tracy, that sort of thing. it will slow down the criminals and decode the encryption. >> reporter: sometimes they can decode the encryption. >> well, there's always a risk because they can decode these over time using the right software and enough patience. >> reporter: which means it's still up to us to be individuvi about our credit cards. the best way to do that is stay in touch with your credit

according to the store's spokeswoman, the p.i.n. as stolen. >>> i'm craig melvin. secretary of state john kerry is continuing his quest for middle east peace. he will return to jerusalem and the west bank new year's day for talks between israeli and palestinian leaders. kerry has recently reignited talks from broke down in 2010. >>> more than 95,000 reports of sexual assault in the military were filed this year. that's an increase of more than 50% over last year. that's according to the "associated press." defense officials say that increased awareness may have led more victims to come forward. >>> thursday, president obama signed that defense bill that addresses the problem of sexual assault in the military. >>> retail marijuana sales in colorado are set to begin bright and early on new year's day. yesterday in denver, retailers were lined up as doors opened in the city's licensing bureau, ensuring that they'd be good to go on january 1st. only businesses that were already licensed to sell medical marijuana are allowed to make the t

. >> in london, security breaches have gone down 30% because of the chip and p.i.n. uld see more of that here in the u.s. and how that protects us. >> yes. so the rest of the world, particularly europe, including canada, has adopted a technology known as emv, chip and p.i.n., so instead of a magnetic stripe, it's a chip that stores your information. the major card brands are driving adoption of chip and p.i.n., we're lagging behind the rest of the world. they're driving that adoption by shifting the liability to the retailers on a schedule starting in late 2015 and extending into 2017 for different types of card transactions. so they're incentivizing the retailers to adopt this new, secure technology by shifting the liability onto them if they fail to adopt it. >> i think you made a good point today that people could actually use, to use the credit card, and maybe pay that off with a debit account, because the debit account takes money that you actually have. the credit card takes -- is paid not using your money. it's the credit card companies' money instead. all righ

the interim? >> reporter: crooks would need a p.i.n. number to withdraw cash from the atm all they need is the information on this strip to drain your bank account with purchases. so attention, target shoppers! changing your p.i.n. isn't enough to keep crooks from spending your money. now, most major banks say they won't hold you liable for fraudulent debit card transactions. and they urge customers to regularly check their statements for fraud. but if you think your debit card may have been compromised, your best bet is to get a new card right away. >> immediately. overheard some target employees the other day saying that a lot of those charges were from out of state. so that's a red flag also when you check your bill, they are seeing north carolina and from the east coast. have you heard that? >> reporter: i have. you want to check for small charges, five cents, 20 cents, one dollar. they are going to charge $1 to 10,000 cards. >> all right. thank you. >>> a new year means new laws. one of them is aimed at the youngest of california dr

the worst goes to target, with the p.i.n. mbers -- now chuck schumer wants to hold an investigation over it. >> patricia? >> my worst week is for eliot spitzer with a cheating scandal. i can't believe it. marriage is over. i assume his career is over but never say never, i guess. best week actually goes to president obama. he spent the whole week golfing in hawaii. i would trade places with him in a second. he's three days away from ending the worst year of his presidency. got to feel good about it. >> esther? >> best week for the las vegas cabbie who found $300,000 in the back at cab and returned it intact. the spirit of christmas is alive and well. the worst week was for adele wilde-blahvatski who suggested that white women should stop being bashed for talking about beyonce. i feel like there is a moment for white feminists to interrogate their own privilege as opposed to litigating black women's agency. my best and worst. >> thanks for that. susan, patricia, esther, thank you. that's a wrap of "weekends with alex witt." see

p.i.n. independently. it's just not worth their time to go after those encrypted p.i.n.s. >> some experts we've interviewed say they're not convinced the numbers are safe and recommend that you change your p.i.n. number immediately and again in a couple of weeks. >>> the first state license marijuana restalers in colorado are set to open their doors on january 1st. but they're not the only ones hoping to cash in. a limo service is the first one offering tours of pot retailers and grow facilities. similar, you might say, to wine tasting tours. the owner of the limo company says he's already booked some tours and is getting to know his new customers. >> surprisingly a much older clientele and, you know, clientele i was really shocked with because, you know, you got your lawyers, your doctors and people you wouldn't assume or think do marijuana, smoke marijuana. >> new year's day isn't expected to be a big pot tourism day because it's unclear how many retail shops will actually open. >>> now henry wofford, do you want to talk marijuana or cal bears? >> i'm high on sports. >> very nice. >> we've got a lot to talk about when we come back. w

target put out a letter saying in the case of this hack, p.i.n. t cards weren't affected. say the cvv data obtained was not what was obtained on the back. instead it's what's in that magnetic strip and what that means is you wouldn't necessarily be able to use the card to make an online purchase. rosa? >>> you'ren

the retailer confirmed today that debit card p.i.n. was stolen but target believes the p.i.n.s are still secured saying they are encrypted and can only be revealed with the key by appear independent payment processor. that key was not stolen. 40million customers were affected when hackers stole payment information during the holidays. >>> the breach is shedding light on card security. and cbs reporter ko im shows us that companies are looking to adopt new technology already used overseas to protect your private information. >> reporter: jessica likes to shop. she looks for steals. but recently thieves stole data from her debit card and tried to make an illegal purchase. >> it's scary. i have no idea how they got my particular number. >> reporter: debit and credit cards in the u.s. use a magnetic strip pe hit to hold account information. hackers have figured out how to steal that information and sell it on black market websites. >> fraud is about a $5 billion a year problem today. >> reporter: but the look and security of our cards are

target put out a letter saying in the case of this hack, p.i.n. numbers on the debit cards weren't affected. say the cvv data obtained was not what was obtained on the back. instead it's what's in that magnetic strip and what that means is you wouldn't necessarily be able to use the card to make an online purchase. rosa? >>> you're in the "cnn newsroom." i'm rosa flores like in atlanta. we'll looing looking at the stories you'll be talking about this week. let's begin with our five questions in the week ahead. -- captions by vitac -- www.vitac.com >>> the first question. the americans were able to get out of the african nation today. the rescue comes after a failed effort that left four u.s. troops wounded. the violence in the south sudan has grown since the president has accused his ex-vp of attempting attempting a coup. let's go to athena jones. hi, athena. what did he say? >> we were able to learn about the failed evacuation attempt to get the americans working for the americans out of the south sudan. this is part of the letter under the war po

the evidence is overwhelming. >> he kidnapped her, he pretended he was a cop, he raped her. he got her p.i.n. er false pretenses. he used her credit card, and he obtained her money. at the time she was pulled over, at the time that he placed her in handcuffs, and at the time that he obtained her p.i.n. number from her, she was under the reasonable belief that he was, in fact, an undercover narcotics officer. there is no mistaking that. he did not allegedly do it. he did it. >> come up to the podium, mr. harris. >> before the judge hands down the sentence, harris is allowed to address the court. >> you can say whatever you want. >> go closer. >> judge, i'm sure you're going to give a very theatrical statement after i give my statement, about how i'm a menace to society and what i allegedly did. this was a very tumultuous trial. the court's made some serious assertions as to what i did or didn't do irrespective of looking at all the evidence, so i don't need a chastising. i know what you're about to say. i'm familiar with your reputation. >> anything further? >> no, your honor. >> mr. harris, wi

a senior payments executive for major bank says that the encrypted bank p.i.n. ers may have been stolen by hackers. that would make it easier to make fraud leapt charges and the hackers cracked highly sophisticated encryption. 40 million customers were impacted by the breach. >>> the first day of kwanzaa. the seven-day holiday focuses on the african-american community that includes family, creativity and faith. >>> and this is one of the busine busiest shopping days of the year in other countries called boxing day. and it falls on the day after christmas every year. and looks kind of like black friday today in australia. hundreds of people waiting outside stores for hours so that they can get in on some great sales. australians are will spend, they estimate, $1.8 billion today. >> not this kind of boxing. this kind of boxing. >> there may be some going on to get the good deal. >>> you'll probably find good crowds if you head to the mall here today, too. >> in fact, many people here will be returning gifts or exchanging them, not necessarily buying them. if you ar

now, with that card info, the crooks can potentially create counterfeit cards and if they were to somehow intercept your p.i.n., then they could potentially withdraw cash from your accounts through the atms with those fake cards. >> sounds like the actual payment software was hacked with a piece of malware or some other kind of security breach in the credit card processing itself. that's uncommon. >> your address, date of birth, social security number. so once they access that, it's very easy for them to open up other credit cards or gift cards. >> reporter: now, target says they are moving swiftly to try and resolve this working with authorities and they have even hired a third party forensics team to figure out how this all happened. they apologize and they regret any inconvenience this may have caused to customers. >> thank you, kiet. if you are a victim of the data hacking call target's hotline the number on your screen >>> talk reseem as the bart board deals with another contract glitch. kpix 5's anne makovec is in the newsroom. with what happened. >> reporter: it is unbelievable. another contract disput

p.i.n. numbers are safe despite reports saying they were stolen during the data breach before christmas. target reports the hacker $steal the pips but the numbers were strongly encrypted and insisted the customers' it debit card accounts have not been compromised. 19-day breach from just before thanksgiving to december 15th is among the largest recorded data security breaches in the country. >>> new at noon, a federal judge in new york this morning ruled the nsa's massive data collection program is legal. in his decision, the judge said the program helps fight terrorist networks by collecting fragmented, fleeting communications after a ruling earlier this month by a u.s. district court judge that said the program likely violates the constitutional ban on unreasonable searches. >>> sniffling, sneezing, aches and pains. updating the areas hit the hardest and what's in store for the rest of the season. >>> a cooler day in the bay area today. is this a trend for the weekend? rosemary will be here for the weekend forecast. >> and trapped at sea, a sea of ice. a slow-loving rescue going on rig

information from the magnetic strips on the cards and that information could be used to make counterfeit cards or if it's a debit card, thieves may have your p.i.n. numbers so they can use a counterfeit card and an atm. >> this is one every those situations where in the past it's been done by hacking into a store's wi-fi and then using that to get into the corporate database. again, we don't know yet how this happen. >> in a statement sent out about an hour ago, target said it alerted authorities and financial institutions as soon as the breach was known and that the problem has now been fixed. >>> five people were tied up and beaten in their own home in vacaville. the neighborhood was locked down after the shooting began in the home on poplar street on the southeast side of the city. four men wearing black masks and black gloves stormed the house at about 6:00 last night. they all carried semi-automatic handguns. one of them shot one of the men in the house and pistol-whipped another. solano county deputies say they demanded some specific items and then they took off possibly in a silver toyota camry. >>> flames shot 100 feet into the air from

the grinch went high tech. pretty eye-opening, fredricka. security researchers say beware of manually entering your p.i.n. number into the mobile checkouts, and, of course, especially now, can't emphasize this enough, during the holiday season, be vigilant and checking the bank statements for any irregular activity. fredricka? >> all great advice. thank you so much, lori segal. >>> he made a winning move on the court as a star nba player. now, dennis rodman is hanging out with kim jong un. what's rodman's end game in north korea? that's next in the "newsroom." it's donut friday at the office. and i'm low man on the totem pole. so every friday morning they send me out to get the goods. but what they don't know is that i'm using my citi thankyou card at the coffee shop, so i get 2 times the points. and those points add up fast. so, sure, make me the grunt. 'cause i'll be using those points to help me get to a beach in miami. and allllllll the big shots will be stuck here at the cube farm. the citi thankyou preferred card. now earn 2x the points on dining out and entertainment, with no annual fee.to apply, go

the big shopping days bere christmas left. i don't think it affects anybody else. i'm curiou do you mean i shouldn't use my birthday as my p.i.n my dog's name? >> you could have been surprising me, too. it does hurt credit card companieses es and banks that ie credit cards. some of the people who stole credit card information will be spending. >> the problem is the target i.t. guy used his dog's name as the pass word. that's how the leak happened. i would disagree. i think it is a slight boost for the economy. i don't like saying this is good for the economy but what happens when your c dies? when took my card they went on a speing spree at best buy. the hackers will buy stuff. does the consumer foot the bill? n that's why they use the pass word of their dog. visa, mastercard, the banks get hosed on this and have t reimburs all the bad chges but the money is being spent and into the gdp and holiday sales. >> i have to give you a chance at this, jhn. >> i used jonas's dog for my pass word. >> ramon! uh-oh. >> i love you. that's the craziest thing i ha heard. i feel sorry for target. this is the second biggest security breach in

. >>> target is trying to stop the bleeding after details surrounding its massive security breach went from bad to worse. they are revealing p.i.ners were stolen by hackers. gabe gutierrez is outside target in atlanta. good morning to you. why is target the swiped pins can't be used? >> good morning. the nation's third largest retailer insists it was stronglien cysted and can't be unlocked. so far no evidence to suggest the pin data has been compromised but some security experts worry it's possible. this morning the investigation into one of the largest data breaches in u.s. history is deepening and customers remain nervous. >> it makes me leery about going there. >> at first they said 40 million of its customers numbers had been stolen around the start of the holiday shopping season. now the retailer confirms en crypted numbers were confirmed. we remain confident that pin numbers are safe and secure. >> would you go in and make a purchase with your debit card, they never see your pin number in the clear. all they possess is the encrypted number. >> target says since that digital key is not within their system. >> it would take

the breach as of last sunday. but they didn't say why they haven't told customers until today. bottom line, if you use a debit card, change your p.i.n. and get a new one. if you used a credit card, probably not as urgent. target set up a hotline and we have information about that on our website, kpix.com/consumerwatch. on the consumerwatch, julie watts, kpix 5. >>> as bad as all this is, it's not the worst security breach we have seen. in 2006, tjx companies which owns tj maxx and marshalls suffered a breach that affected 94 million accounts. it cost the company $68 million in fraud losses. back in 2011, hackers accessed 77 million accounts of the sony playstation network. that same year, 60 million people were affected when hackers attacked epsilon, an email marketer with clients like best buy, capital one and walgreens. >>> the families of eight special ed. students will split an $8 million settlement all because of allegations that a teacher hit, slapped and verbally abused the kids. the allegations center around a school in antioch. that's where da lin is tonight. >>> reporter: this tearful father feels guilty for the abuse of h

p.i.n. numbers were not stolen. but the bottom line is we're all at risk.our debit and credit purchases are as vulnerable as hackers are creative. >> that's something we definitely had to keep in mind. i know you also had breaking news for us. the long-awaited report on the secret service is now out. several agents soliciting prostitutes. what is the breaking news here? >> reporter: abc news received a copy of the report last night. the headline, while a large number of agents engaged in embarrassing behavior in colombia, the report found there was no such widespread sexual misconduct throughout the agency. the inspector-general examined 824 cases of employee misconduct between 2004 and 2013. among those, a handful of investigations found prostitution cases. they also surveyed more than 2,500 secret service employees. 83% of those said they were not aware of widespread sexual misconduct. but it's unclear how skeptics in congress will receive these findings. many believe colombia was an example of the culture of misconduct, robin. >> pierre, thank you. >>> a

the easiest thing to do get a new p.i.n. ith your bank and keeping in touch with fraud because we know it happens too often. >> the debit card saying use your credit cards so that way it doesn't get access to your account. alexandra field is there in a very chilly brooklyn. we appreciate it, thank you. >>> another victim falls prey to the knockout game. >> next, why prosecutors are going after his accused attacker on federal hate crime charges. [ sneezes, coughs ] i've got a big date, but my sinuses are acting up. it's time for advil cold and sinus. [ male announcer ] truth is that won't relieve all your symptoms. new alka seltzer plus-d relieves more symptoms than any other behind the counter liquid gel. oh what a relief it is. if you have a business idea, we have a personalized legal solution that's right for you. with easy step-by-step guidance, we're here to help you turn your dream into a reality. start your business today with legalzoom. >>> coming up on 22 after the hour now, and if you have not had your flu shot, thin

the blaze. stolen more information t0eblp attack against target. a seniorÑi payments executive f a major bank says that encrypted bank p.i.n. numbers may have u s.mers' accounts. itjf m hackers cracked highly sophisticatedoke1 encryption. targ target, meanwhile, denies that any p.i.n. numbers were stolen. 40 millionnb customers were impacted by that breach. and a u.s. senator is hoping to similar attack to better protect we saw with target.fá new jersey democrat robert menendez is announcing a plan today that ep says will betterer protectg you against credit car breaches. he will introduce that plan outside of the target store in jersey city later this morning. he says it will ensure you are protected if a retailer fails to safeguard your personalxd information. >>> 6:55 on your thursday morning. today is the first day of focuses on the seven principles believed to be thelpok pillars the african-american community including family, creativity and faith. >>> 6:55. most of you saysçó you are reao ring in the new year with some optimism. of g almost, think that your fortunes will improve in 2014. the reviewÑi of 2013 not quite f 20% of you say i

. >> the secret service has confirmed this morning that they are investigating a massive scam affecting millions of target customers. >> credit card number debit cards, p.i.nng the nsa's massive data collection. >> it shows that finally we have very clear indications that the u.s. economy is on much steadier footing. >> astronauts will perform the first of three space walks on saturday. they'll use special helmets fitted with snorkels. >> one of the stars of the hit reality program "duck dynasty" is off the show phil robertson is suspended after making anti-gay comments. >> they have changed how they rate cars. last year 130 cars got top safety picks, this year only 39. >> the first winner to step forward is identified as ira curry. she picked the right number by using family birthdays. >> 8, 14 17 20 39 which seems so obvious in retrospect. ♪ >> i'm gayle king with norah o'donnell and jeff glor. charlie is off today. millions of target shoppers may find a big old lump of coal in their christmas stocking. they're all potential victims of identify thieves. >> hackers tapped into the credit card scanners and stole customers' financial data. the scam went on

we got the secret service looking into it, the d.o.j., a half dozen lawsuits facing them, and now word that potentially encrypted p.i.nut we look at past breaches and it's hard to see where it pinched on earnings. what's the long-term fallout? >> i think it will be interesting to hear where the breach was. if there was enough security and another way they found a way around it, or target didn't do what they were supposed to do to protect the consumer -- and i think that's going to determine sort of how the fallout works for them. if it was not on their own accord, and it just was happ happenstance, then there's nothing they could have done about it. >> we're told they run one of the strongest front ends in retail, and yet this happens to them. thank you for your insight, jaime. >> thank you for having me. >>> 2013 was a year of upheaval across the globe. there are riots in several countries. as we move closer to the new year, what places should you be watching overseas? we'll get to that answer in just a moment. >>> first, rick santelli, sir, what are you watching today in the bond market? ♪ >> what everybody's watchi