Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

P.F. Chang’s Data Breach Could Go Back Months

The breach at P.F. Chang’s China Bistro may have stretched on longer than some thought.

According to reports, the breach may go back as far as September 2013, roughly nine months before it was first discovered. 

The breach at P.F. Chang’s China Bistro may have stretched on longer than some thought.

According to reports, the breach may go back as far as September 2013, roughly nine months before it was first discovered. 

According to Krebs on Security, Visa issued an alert June 17 to a bank notifying them that hundreds of cards were exposed Sept. 18, 2013. Though the alert did not specifically mention P.F. Chang’s, the bank had purchased more than a dozen cards being sold on a cybercrime forum that has been exclusively selling cards stolen from P.F. Chang’s. Every one of the cards was listed in the alert from Visa, according to Krebs.

P.F. Chang’s did not respond immediately to a request for comment. Previously, the restaurant chain said it learned of the compromise June 10, and immediately began cooperating with the U.S. Secret Service as well as third-party forensics experts.

“At P.F. Chang’s, the safety and security of our guests’ payment information is a top priority,” spokesperson Anne Deanovic said in a statement June 12. “Therefore, we have moved to a manual credit card imprinting system for all P.F. Chang’s China Bistro branded restaurants located in the continental United States. This ensures our guests can still use their credit and debit cards safely in our restaurants as our investigation continues.”

If the breach did stretch on for nine months, it would not be the first time that significant time went by before a security breach was plugged. According to the Verizon’s 2014 Data Breach Investigations Report, weeks and months often went by in the cases they investigated in 2013 before the breach was discovered. The Target breach went undiscovered for more than two weeks before the attack was uncovered.

TK Keanini, CTO of Lancope, said that the incident shows that early forms of detection need to be implemented by businesses to keep this from happening “over and over again.”

“The detection here is much too late in the chain of events as the retailer is only made aware that they have been compromised when someone finds their stolen customer data on the black market,” he said. “While this is a form of detection, it is the most expensive form.”

Advertisement. Scroll to continue reading.

According to reports, banks reported the cards were stolen from P.F. Chang’s China Bistro restaurants in Maryland, Florida, Pennsylvania, Nevada and North Carolina. There are more than 200 of the restaurants in the United States. The company also operates Pei Wei Asian Diner, which has roughly 200 locations as well, but that chain has not been implicated in the breach. 

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.