If you ate at one of these PF Chang's restaurants, your bank card is at risk

Pwned payment systems at eateries throughout the US


US eatery chain P.F. Chang's has named 33 of its restaurants that were compromised by bank card fraudsters this year.

The company said payment systems at its Chinese bistros in states from California to Florida were infiltrated, allowing crooks to siphon off victims' credit and debit card details.

According to the restaurant chain, the security breach occurred between October of 2013 and June of 2014, when the slurping was discovered. In the aftermath of the scam, the company briefly took its card systems offline and used carbon paper images.

The breached restaurants include eight locations California, three in Pennsylvania, and two in Washington.

"We have determined that the security of our card processing systems was compromised, and we have reason to believe that the intruder may have stolen some data from certain credit and debit cards that were used during specified time frames at 33 P.F. Chang's China Bistro branded restaurant locations in the continental United States," the company said.

"The potentially stolen data includes the card number and in some cases also the cardholder's name and/or the card's expiration date. However, we have not determined that any specific cardholder's credit or debit card data was stolen by the intruder."

The company said that it will pay for identity protection services for customers exposed by the breach.

P.F. Chang's is not alone in experiencing a high-profile breach of customer data. Last year, retail giant Target lost card details for 40 million customers, while online market eBay and tickets site StubHub each fell victim to security breaches. ®


Keep Reading

Russian hacker selling how-to vid on exploiting unsupported Magento installations to skim credit card details for $5,000

Nearly 2,000 e-commerce shops pwned over weekend so it's time to migrate

British Airways fined £20m for Magecart hack that exposed 400k folks' credit card details to crooks

Airline was saving domain admin creds and card details alike in plaintext

Magecart malware merrily sipped card details, evaded security scans on UK e-tailer Páramo for almost 8 months

More than 3,500 folks' payment info quietly stolen

Shared memory vulnerability in IBM's Db2 database could let nefarious insiders wreak havoc – so get patching

Lack of protections around trace facility gives local users read and write access

Before you head off for the weekend, you have patched your Pulse Secure VPNs, right? Wouldn't want you to be pwned via a phishing link

Perl clutching time again

Homeland Security demands a 911 for reporting security holes in federal networks: 'Vulns in internet systems cause real-world impacts'

Great – and who will be the first responders?

Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants

More than 1 million social numbers nicked among other details – FBI collars, charges software engineer

Dear hackers: If you try to pwn a website for phishing, make sure it's not the personal domain of a senior Akamai security researcher

Exclusive Crooks fail to hijack infosec bloke's site to dress it up as a legit Euro bank login page

Biting the hand that feeds IT © 1998–2020