Still, the retailer said Friday that it remains "confident that PIN numbers are safe and secure."
The PIN data is encrypted as it's entered by a customer at a keypad at checkout, protected with what's known as Triple DES encryption, according to Target.
The PIN information stays encrypted within Target's system and "remained encrypted when it was removed," the Minneapolis-based company said.
The code can only be cracked when the data is received by Target's external, independent payment processor, according to the retailer.
"What this means is that the 'key' necessary to decrypt that data has never existed within Target's system and could not have been taken during this incident," the company said Friday.
The retailer didn't address the possibility that hackers sophisticated enough to execute a break-in during prime shopping season-lasting from the crazed Black Friday weekend through Dec. 15 -- might be able to outwit the encryption defense.
"The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken," Target said.
The company said its investigation into the incident is "still in the early stages" and "is continuing and ongoing."
Phony credit cards made with the stolen information are already being sold on the black market, according to some reports. A senator from Connecticut is calling for a probe into Target's security infrastructure; several state attorneys general have asked for more information on the hack.
After the breach, Target's perception among consumers hit its lowest point in more than six years, according to sentiment tracker YouGov BrandIndex.
MORE HBJ HEADLINES
Boeing expands Oklahoma City facility, business presence 4:11 p.m. Windows 10 fixes annoyances in earlier versions Don’t blame economy: More millennials living at home Fed holds steady on interest rates Taiwan, Thailand join deal to end tariffs on tech products Briefs: PUD offers heating, weatherization incentives
Our new comment system is not supported in IE 7. Please upgrade your browser here.