Business

P.F. Chang's customers' credit, debit card data stolen, report says

P.F Chang's restaurant chain may be victim of hackers
Report says hackers stole customers' credit and debit card data, and offered it for sale on the Internet
P.F. Chang's says it can't confirm a breach, but is investigating

 P.F. Chang's may be the latest victim of a data breach.

The popular Asian restaurant chain said it was looking into a report that unknown hackers stole customers' credit and debit card information, and put it up for sale on the Internet.

Security blogger Brian Krebs wrote Tuesday that banks have reported data being pilfered from P.F. Chang's locations in Florida, Maryland, New Jersey, Pennsylvania, Nevada and North Carolina.

Krebs gained attention late last year when he revealed the massive data breach at the Target retail chain.

The P.F. Chang's breach occurred between the end of March and May 19, according to Krebs. Card data was being offered on the website rescatir.so, a site favored by the Target hackers, for $18 to $140 per card, Krebs reported.

"The items for sale are not cards, per se, but instead data copied from the magnetic stripe on the backs of credit cards," Krebs wrote. "The most common way that thieves steal this type of card data is by hacking into cash registers at retail locations and planting malicious software."

The company said it could confirm the existence of a breach, but issued a statement saying it was looking into the matter.

"P.F. Chang's takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more," the statement said. "We will provide an update as soon as we have additional information."

The alleged data intrusion suggests the willingness of hackers to go after relatively small companies.

P.F. Chang's has about 200 locations in the U.S. and abroad. The Scottsdale, Ariz.-based company was acquired by private equity firm Centerbridge Partners for $1.05 billion in 2012.

The company also operates Pei Wei Asian Diner, a more casual Asian restaurant chain with more than 170 U.S. locations.

Intruding on smaller chains can be more difficult than breaching a larger company where there are more ways to gain electronic access, said Ryan Burnheimer, vice president of business development for Trusted Sec, a security consulting firm.

"Hacking P.F. Chang's is going to be more complicated," he said.

Copyright © 2014, Los Angeles Times
Comments
Loading