P.F. Chang’s customers’ credit, debit card data stolen, report says

P.F. Chang's locations in California were not among those targeted in a recent data breach, according to a report. Above, a P.F. Chang's at the Beverly Center.
P.F. Chang’s locations in California were not among those targeted in a recent data breach, according to a report. Above, a P.F. Chang’s at the Beverly Center.
(Ricardo DeAratanha / Los Angeles Times)

P.F. Chang’s may be the latest victim of a data breach.

The popular Asian restaurant chain said it was looking into a report that unknown hackers stole customers’ credit and debit card information, and put it up for sale on the Internet.

Security blogger Brian Krebs wrote Tuesday that banks have reported data being pilfered from P.F. Chang’s locations in Florida, Maryland, New Jersey, Pennsylvania, Nevada and North Carolina.

Krebs gained attention late last year when he revealed the massive data breach at the Target retail chain.


The P.F. Chang’s breach occurred between the end of March and May 19, according to Krebs. Card data was being offered on the website, a site favored by the Target hackers, for $18 to $140 per card, Krebs reported.

“The items for sale are not cards, per se, but instead data copied from the magnetic stripe on the backs of credit cards,” Krebs wrote. “The most common way that thieves steal this type of card data is by hacking into cash registers at retail locations and planting malicious software.”

The company said it could confirm the existence of a breach, but issued a statement saying it was looking into the matter.

“P.F. Chang’s takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more,” the statement said. “We will provide an update as soon as we have additional information.”


The alleged data intrusion suggests the willingness of hackers to go after relatively small companies.

P.F. Chang’s has about 200 locations in the U.S. and abroad. The Scottsdale, Ariz.-based company was acquired by private equity firm Centerbridge Partners for $1.05 billion in 2012.

The company also operates Pei Wei Asian Diner, a more casual Asian restaurant chain with more than 170 U.S. locations.

Intruding on smaller chains can be more difficult than breaching a larger company where there are more ways to gain electronic access, said Ryan Burnheimer, vice president of business development for Trusted Sec, a security consulting firm.


“Hacking P.F. Chang’s is going to be more complicated,” he said.