P.F. Chang’s China Bistro has been hit with a class action lawsuit tied to the recent data breach.
The lawsuit was filed in U.S. District Court in Illinois by plaintiff John Lewert. A resident of Illinois, Lewert is seeking monetary and statutory damages as well as injunctive and declaratory relief.
According to the lawsuit, Lewert went to a P.F. Chang’s restaurant in Northbrook, Illinois, on or about April 3, 2014, and used a debit card to make a purchase. This entered him into “an implied contract” with the restaurant that included the protection of his debit card information. The breach, the lawsuit contends, violated that contract by exposing his information.
“P.F. Chang’s failure to comply with reasonable security standards provided P.F. Chang’s with short-term and fleeting benefits in the form of saving on the costs of compliance, but at the expense and to the severe detriment of P.F. Chang’s own customers – including Class members here – who have been subject to the Security Breach or otherwise have had their financial information placed at serious and ongoing risk,” according to the suit.
“P.F. Chang’s allowed widespread and systematic theft of its customers’ financial information,” the suit continues. “Defendant’s actions did not come close to meeting the standards of commercially reasonable steps that should be taken to protect customers’ financial information.”
P.F. Chang’s did not respond to a request from SecurityWeek for comment about the lawsuit.
The restaurant confirmed the breach, which may have affected as many as 7 million cards, last month after reports of the situation became public. So far, details about how the breach happened have not been publicly explained, but the company contacted law enforcement and began an investigation after being notified of the situation.
In light of the investigation, the company began using manual imprinting devices to process credit and debit card payments at P.F. Chang’s China Bistro restaurants in the continental United States.
Though the company has stated it learned of the breach June 10, 2014, there have been reports that the breach may have gone back to September 2013.
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
- Apple Denies Helping US Government Hack Russian iPhones
