P.F. Chang’s Provides Data Breach Update, Confirms Compromised Locations

P.F. Chang’s China Bistro has been investigating a breach involving its payment card processing system since the US. Secret Service alerted the company of a possible compromise back on June 10, 2014.

 While the investigation is ongoing, the restaurant chain said on Monday that the security compromise has been contained, and that P.F. Chang’s has been “processing credit and debit card data securely” since June 11, 2014.

“We have determined that the security of our card processing systems was compromised, and we have reason to believe that the intruder may have stolen some data from certain credit and debit cards that were used during specified time frames at 33 P.F. Chang’s China Bistro branded restaurant locations in the continental United States,” Rick Federico CEO of P.F. Chang’s wrote in a statement issued Monday. “The potentially stolen credit and debit card data includes the card number and in some cases also the cardholder’s name and/or the card’s expiration date. However, we have not determined that any specific cardholder’s credit or debit card data was stolen by the intruder.”

The company also provided a list of the 33 restaurant locations from which they believe credit and debit card data may have been compromised, along with a time frame during which cards used at those locations may have been at risk.

On June 13, the company said that it temporarily ditched its electronic Point-of-Sale System in favor of old-school “imprinting devices” to process payments while the company gets the situation under control and understands the scope of the attack. “All P.F. Chang’s China Bistro branded restaurants in the continental U.S. are using manual credit card imprinting devices to handle our credit and debit card transactions,” the company said at the time.

According to P.F. Chang’s, certain cards used at the following restaurant locations during the dates listed may have been compromised: