Scottsdale, Ariz. – On dates ranging from October 19, 2013 and April 10, 2014, hackers compromised the security of credit card processing systems at 33 locations of the P.F. Chang’s restaurant chain in Florida, Maryland, New Jersey, Pennsylvania, Nevada and North Carolina, and may have stolen consumer credit card data. The U.S. Secret Service notified P.F. Chang’s of the breach on June 10, 2014 and P.F. Chang’s says it has been processing credit card numbers securely since June 11.
In a statement on the P.F. Chang’s website attributed to CEO Rick Federico, the company said it quickly moved to a manual processing system for all credit and debit card transactions to prevent any further potential exposure of customers' credit and debit card information. The security compromise has been contained and P.F. Chang’s has replaced the affected hardware and returned to our standard credit and debit card processing system.
The potentially stolen data includes the card number and in some cases also the cardholder's name and/or the card's expiration date. However, P.F. Chang’s has not determined that any specific cardholder's credit or debit card data was stolen by the intruder(s). P.F. Chang’s says it doesn’t have sufficient contact information to contact potentially affected guests directly, but has emailed customers that have provided their email address. The retailer is providing customers who used a credit card at the affected stores during the breach with free 12-month access to the All Clear Secure service.
According to the KrebsonSecurity blog, thousands of new credit card numbers went up for sale on a well-known underground website used by data thieves. Banks reported that all the numbers had been used beginning of March 2014 and May 19, 2014.