PF Changs Served Credit Card Data

credit card

The news seems to carry stories almost daily about companies suffering data breaches where hundreds or millions of people’s credit card information, Social Security data, medical records or some other confidential data has been exposed. Target and eBay were two big newsmakers in the past year for data exposure issues, but the problem continues to run rampant. Today’s latest breach announcement is from P.F. Chang’s China Bistro, which has admitted that it inadvertently served credit card and debit information at restaurants in its chain over the past few months.

P.F. Chang’s confirmed that a data breach involving credit and debit cards used at the chain’s restaurants took place. The firm learned of the breach June 10 from the United States Secret Service, which was part of the U.S. Treasury Department prior to the creation of the Homeland Security Department, but it still responsible for investigating financial crimes at the federal level.

The restaurant chain has since launched an investigation with the Secret Service and a third-party group of technology forensics experts. P.F. Chang’s Web site says that they are still investigating the nature and scope, but they have concluded that customers’ information was indeed accessed.

Reports are circulating that someone served themselves to data from thousands of stolen cards had been used at P.F. Chang’s restaurants from early March through approximately May 19. The restaurant chain has not confirmed the time period.

There are many methods hackers use to breach data from companies. Not all data breaches lead to issues with customers’ credit cards or debit cards, but there have been cases that required banks to issue new cards and new card numbers because of illegal usage of the cards. One way this happens is when hackers plant software into cash registers at retail locations that records data from the each credit card’s magnetic stripe. That information is then put onto new credit cards and used by thieves to buy goods.

A security blogger reported on his Web site that the information was pilfered specifically from P.F. Chang’s locations in Florida, Maryland, Nevada, New Jersey, North Carolina and Pennsylvania. The blogger claims that the credit card data from P.F. Chang is being offered for sale on a card by card basis, which purchasers then use to buy merchandise until the card no longer works for them.

While the exact data breach methodology and specifics are being researched by the restaurant chain, they have moved to a manual credit-card imprinting system at all of its P.F. Chang’s restaurants within the continental U.S. to allay customer concerns. They are also asking those who dined at their restaurants in recent months to be vigilant about monitoring their bank and credit card activity and to report anything suspicious to their bank or the card company.

P.F. Chang’s has more than 200 of its china bistro restaurants. The company also operates Pei Wei Asian Diner, which is a casual Asian restaurant chain that has grown to almost 200 locations. However, no issues have been reported that thieves served themselves credit card data at that chain too, just at P.F. Changs.

By Dyanne Weiss

Sources:
P.F. Changs
Los Angeles Times
Wall Street Journal

Your Thoughts?