SecurityWeek

P.F. Chang’s Confirms Payment Card Breach: Reverts to Imprinting Devices

After saying earlier this week that it was investigating reports of a data breach related to payment cards used at its locations, P.F. Chang’s China Bistro confirmed on Thursday that credit and debit card data has been stolen from some of its restaurants.

Interestingly, the company also said that it has switched over to manual credit card imprinting systems for all P.F. Chang’s China Bistro branded restaurants located in the continental United States. 

The popular restaurant chain said that on Tuesday, June 10, the United States Secret Service alerted the company about the incident.

According to a statement posted to P.F. Chang’s website, the company initiated an investigation with the Secret Service and a third-party forensics firm to understand the nature and scope of the incident.

“Because we are still in the preliminary stages of our investigation, we do not yet know which credit or debit cards may be involved. P.F. Chang’s has notified the credit card companies and is working with them to identify the affected cards,” the statement explained.

On Tuesday, security blogger Brian Krebs reported that cards reportedly used at P.F. Chang’s were found on the carder forum rescator[dot], the same site where cards belonging to victims of the Target breach were sold. According to Krebs, several banks said the latest collection of cards had all been used at P.F. Chang’s locations between March 1 and May 19.

In an FAQ posted to its website, the company explained that it has temporarily ditched its electronic Point-of-Sale System in favor of old-school “imprinting devices” to process payments while the company gets the situation under control and understands the scope of the attack.

“All P.F. Chang’s China Bistro branded restaurants in the continental U.S. are using manual credit card imprinting devices to handle our credit and debit card transactions,” the company said. “This allows you to use your credit and debit cards safely.”

“With clear details not available on P.F. Chang’s breach, it mirrors the trend we’ve been seeing with other recent high profile data breaches – meaning the response time could be lengthy,” Simon Eappariello, SVP product & engineering at iboss Network Security, told SecurityWeek.

“In looking at the information currently available, the breach could be the result of an attack on POS equipment, or more likely, a central database server – as several P.F. Chang’s locations seem to be implicated in different states.”

“This new PF Chang’s breach continues an ongoing trend of high profile breaches where the company seems to have no internal awareness about its occurrence until this external notification of private information has been exposed and the focus for identification is all occurring post-breach,” Will Gragido, Director of Security Intelligence at NSS Labs, told SecurityWeek.

“With the increasingly frequent attacks against the retail industry and POS infrastructure, it appears there is a larger systemic issue at play and it is likely that these breaches will continue,” Gragido added.

Anyone who has visited a P.F. Chang’s and used a payment card over the last several months should monitor their accounts and report any suspected fraudulent activity to their card company.

The company has also set up a line for customers to call if they have additional questions: 1-877-782-6356.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
