P.F. Chang’s confirmed a data breach yesterday after finding that debit and credit cards used in six states and a few countries were up for sale on an underground store, the same one that caused the Target data breach.
Restaurants in Florida, New Jersey, Maryland, Pennsylvania, Nevada and North Carolina were hacked, cybersecurity blogger Brian Krebs reports. Restaurants of the chain that are located in Argentina, Mexico, Canada and the Middle East were also hacked.
The company says it will switch to manual credit card imprinting until the problem is solved, meaning that “all domestic P.F. Chang’s branded restaurants in the continental U.S. will be retaining the carbon copies,” a PFC spokesperson told Krebs.
A PFC statement attained by Krebs reads:
“On Tuesday, June 10, P.F. Chang’s learned of a security compromise that involves credit and debit card data reportedly stolen from some of our restaurants. Immediately, we initiated an investigation with the United States Secret Service and a team of third-party forensics experts to understand the nature and scope of the incident, and while the investigation is still ongoing, we have concluded that data has been compromised.
At P.F. Chang’s, the safety and security of our guests’ payment information is a top priority. Therefore, we have moved to a manual credit card imprinting system for all P.F. Chang’s China Bistro branded restaurants located in the continental United States. This ensures our guests can still use their credit and debit cards safely in our restaurants as our investigation continues.
We have also established a dedicated public website, pfchangs.com/security, for guests to receive updates and answers to their questions.
Because we are still in the preliminary stages of our investigation, we encourage our guests to be vigilant about checking their credit card and bank statements. Any suspected fraudulent activity should be immediately reported to their card company.
We sincerely regret the inconvenience and concern this may cause for our guests.”
There has been no update on the consequences faced by the debit/credit card holders who’s information was stolen.