Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

P.F. Chang’s Investigates Possible Breach of Customer Credit Cards

P.F. Chang’s China Bistro is investigating reports of a breach after data from thousands of credit and debit cards were discovered being offered online on a notorious underground forum.

P.F. Chang’s China Bistro is investigating reports of a breach after data from thousands of credit and debit cards were discovered being offered online on a notorious underground forum.

The presence of the cards on rescator[dot]so was first reported by security blogger Brian Krebs. It is the same site where cards belonging to victims of the Target breach were sold. According to Krebs, several banks said the latest collection of cards had all been used at P.F. Chang locations between March 1 and May 19.

Update: P.F. Chang’s Confirms Payment Card Breach: Reverts to Imprinting Devices

“P.F. Chang’s takes these matters very seriously and is currently investigating the situation [and] working with the authorities to learn more,” a company spokesperson told SecurityWeek. “We will provide an update as soon as we have additional information.”

According to Krebs, the banks reported that the cards were stolen from P.F. Chang restaurants in Maryland, Florida, Pennsylvania, Nevada and North Carolina. There are more than 200 P.F. Chang restaurants in the United States. The company also operates Pei Wei Asian Diner, which has roughly 200 locations as well.

“Organizations are so focused on what is coming into their networks they don’t pay enough attention to what is going out,” said Chester Wisniewski, senior security advisor at Sophos. “The card issuers have far better analytics to find these types of patterns. They call it CPP for common point of purchase. When you have fraud or find 100 or so of your cards on a carder forum you start to look for patterns or CPPs. This is how most card breaches are discovered in my experience.”

Steve Hultquist, chief information officer and vice president of customer success at RedSeal Networks, noted that the complexity of modern networks makes securing them challenging. 

“Let’s face it, attempting to focus on every possible path through a network is impossible for any human being,” he said. “The only way to protect an organization from these ongoing threats is to clearly know that your network is defending your data in both directions. And the only way to do that is with systems that analyze all the possible paths and maps them to expected network security architecture.”

Advertisement. Scroll to continue reading.

 

UpdateP.F. Chang’s Confirms Payment Card Breach: Reverts to Imprinting Devices

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Wendi Whitmore has taken the role of Chief Security Intelligence Officer at Palo Alto Networks.

Phil Venables, former CISO of Google Cloud, has joined Ballistic Ventures as a Venture Partner.

David Currie, former CISO of Nubank and Klarna, has been appointed CEO of Vaultree.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.