In the latest potential big-company data breach, P.F. Chang’s China Bistro is investigating claims of stolen consumer credit and debit information. The company alerted customers to the security breach on June 12 after receiving information from third-party experts.
According to Reuters, stolen card information began appearing for sale on an underground website, known as Rescator, several days ago, and all the cards had one thing in common: they were used at U.S. locations of P.F. Chang’s between March and May this year. The casual dining chain is comprised of 211 restaurants in the U.S., and the list of compromised P.F. Chang’s locations includes restaurants in Florida, Pennsylvania and New Jersey.
“P.F. Chang’s takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more. We will provide an update as soon as we have additional information,” said Anne Deonovic, a spokeswoman for the company. So far, Rescator is advertising the potential P.F. Chang cards as having a “100% validity” rate — this means that very few cards have yet been shut down. Fraud experts, though, say that there has not yet been an observable spike in credit or debit card fraud for cards used at the restaurant.
It’s possible that the source of the data breach was POS malware, and it seems that P.F. Change investigators either agree, or are taking extra care, because the restaurant has moved to only using manual credit card swipes as of this week. Target’s huge data breach that occurred in Dec. 2013, and affected a total of about 40 million cards, was the result of POS memory-scraping malware.