P.F. Chang’s Confirms Payment Card Breach: Reverts to Imprinting Devices

After saying earlier this week that it was investigating reports of a data breach related to payment cards used at its locations, P.F. Chang’s China Bistro confirmed on Thursday that credit and debit card data has been stolen from some of its restaurants.

Interestingly, the company also said that it has switched over to manual credit card imprinting systems for all P.F. Chang’s China Bistro branded restaurants located in the continental United States. 

The popular restaurant chain said that on Tuesday, June 10, the United States Secret Service alerted the company about the incident.

According to a statement posted to P.F. Chang’s website, the company initiated an investigation with the Secret Service and a third-party forensics firm to understand the nature and scope of the incident.

“Because we are still in the preliminary stages of our investigation, we do not yet know which credit or debit cards may be involved. P.F. Chang’s has notified the credit card companies and is working with them to identify the affected cards,” the statement explained.

On Tuesday, security blogger Brian Krebs reported that cards reportedly used at P.F. Chang’s were found at carder forum rescator[dot], which happens to be the same site where cards belonging to victims of the Target breach were sold. According to Krebs, several banks said the latest collection of cards had all been used at P.F. Chang’s locations between March 1 and May 19.

In an FAQ posted to its website, the company explained that it has temporarily ditched its electronic Point-of-Sale System in favor of old-school “imprinting devices” to process payments while the company gets the situation under control and understands the scope of the attack.

“All P.F. Chang’s China Bistro branded restaurants in the continental U.S. are using manual credit card imprinting devices to handle our credit and debit card transactions,” the company said. “This allows you to use your credit and debit cards safely.”

“With clear details not available on P.F. Chang’s breach, it mirrors the trend we’ve been seeing with other recent high profile data breaches – meaning the response time could be lengthy,” Simon Eappariello, SVP product & engineering at iboss Network Security, told SecurityWeek.

“In looking at the information currently available, the breach could be the result of an attack on POS equipment, or more likely, a central database server – as several P.F. Chang’s locations seem to be implicated in different states.”

“This new PF Chang’s breach continues an ongoing trend of high profile breaches where the company seems to have no internal awareness about its occurrence until this external notification of private information has been exposed and the focus for identification is all occurring post-breach,” Will Gragido, Director of Security Intelligence at NSS Labs, told SecurityWeek.

“With the increasingly frequent attacks against the retail industry and POS infrastructure, it appears there is a larger systemic issue at play and it is likely that these breaches will continue,” Gragido added.

Anyone who has visited a P.F. Chang’s and used a payment card over the last several months should monitor their accounts and report any suspected fraudulent activity to their card company.

The company has also set up a line for customers to call if they have additional questions: 1-877-782-6356.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
