P.F. Chang’s Credit Card Breach is Confirmed

On Friday, the P.F. Chang’s China Bistro announced that they had suffered a breach that involved data from the debit and credit cards of customers that were used in its restaurants. This confirmed a report earlier in the week.

After discovering the breach on Tuesday, the company started its investigation with the Secret Service of the United States and a third-party team of forensic experts. The investigation was to better understand the scope and nature of the breach, and while that investigation was ongoing, it was concluded that data was compromised, said Rick Federico the CEO of P.F. Chang’s.

Federico said a website had been created by the company – pfchangs.com/security – for its customers to be given updates and to answer questions from the customers. In the meantime, the restaurant chain is using a manual credit card processing system.

Federico also said that the company was encouraging patrons to be vigilant about have their statements from their debit and credit cards checked. Any fraudulent activity that is suspected should immediately be reported to the individual card company.

There are 211 P.F. Chang’s restaurants across the U.S. and another 192 Pei Wei Asian Diner operated by the restaurant chain based in Scottsdale, Arizona.

The initial mention of the breach came from Brian Krebs a blogger that specializes in cyber security. He has uncovered other data breaches including the one last year at Target.

His website said the customer data from thousands of debit and credit cards previously used at the restaurant chain were put up for sale on an underground site that was known for doing the same for the Target breach.

Krebs reported that he had contacted his banking sources who told him the cards from the P.F. Chang’s locations were from March of 2014 through May 19 of 2014.

The expert on security said the most common way that thieves steal this form of card data is through hacking into the cash registers at different retail locations and planting software that is malicious that record the magnetic stripe of data on a card when it is swiped.