Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

P.F. Chang’s Investigates Possible Breach of Customer Credit Cards

P.F. Chang’s China Bistro is investigating reports of a breach after data from thousands of credit and debit cards were discovered being offered online on a notorious underground forum.

P.F. Chang’s China Bistro is investigating reports of a breach after data from thousands of credit and debit cards were discovered being offered online on a notorious underground forum.

The presence of the cards on rescator[dot]so was first reported by security blogger Brian Krebs. It is the same site where cards belonging to victims of the Target breach were sold. According to Krebs, several banks said the latest collection of cards had all been used at P.F. Chang locations between March 1 and May 19.

Update: P.F. Chang’s Confirms Payment Card Breach: Reverts to Imprinting Devices

“P.F. Chang’s takes these matters very seriously and is currently investigating the situation [and] working with the authorities to learn more,” a company spokesperson told SecurityWeek. “We will provide an update as soon as we have additional information.”

According to Krebs, the banks reported that the cards were stolen from P.F. Chang restaurants in Maryland, Florida, Pennsylvania, Nevada and North Carolina. There are more than 200 P.F. Chang restaurants in the United States. The company also operates Pei Wei Asian Diner, which has roughly 200 locations as well.

“Organizations are so focused on what is coming into their networks they don’t pay enough attention to what is going out,” said Chester Wisniewski, senior security advisor at Sophos. “The card issuers have far better analytics to find these types of patterns. They call it CPP for common point of purchase. When you have fraud or find 100 or so of your cards on a carder forum you start to look for patterns or CPPs. This is how most card breaches are discovered in my experience.”

Steve Hultquist, chief information officer and vice president of customer success at RedSeal Networks, noted that the complexity of modern networks makes securing them challenging. 

“Let’s face it, attempting to focus on every possible path through a network is impossible for any human being,” he said. “The only way to protect an organization from these ongoing threats is to clearly know that your network is defending your data in both directions. And the only way to do that is with systems that analyze all the possible paths and maps them to expected network security architecture.”

Advertisement. Scroll to continue reading.

 

UpdateP.F. Chang’s Confirms Payment Card Breach: Reverts to Imprinting Devices

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.