Bad news if you were one of the 40 million people whose credit and debit card information was stolen from Target earlier this month: It turns out the criminals also gained access to your PIN data, a fact that Target had previously denied.

A Target spokeswoman admitted on Friday that the thieves captured the PIN information, but said the numbers are encrypted and require a code from a separate, uncompromised system.

"We remain confident that PIN numbers are safe and secure," Molly Snyder, Target's spokeswoman said in a statement. "The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems."

Uh huh. As the New York Times points out, hackers have, in some cases, managed to decode information encrypted with similar technology. Even if the PIN numbers remain secure, the theft—the second largest breach of a retailer in history—has been a nightmare for Target. Credit card information from Target customers is already for sale on the black market, and some banks—like JPMorgan Chase and Santander Bank—have placed spending caps on potentially compromised cards.

[Image via AP]