On August 4th, P.F. Chang released a statement from CEO Rick Federico with new information about the data breach identified in June that compromised credit and debit card holder data of patrons of their American Chinese Bistro restaurants. Most significantly, the company now claims that only 33 of its 204 restaurants and their patrons were impacted.
The statement asserts that they learned of the breach from the US Secret Service on June 10th, but that they were able to “contain” the breach the next day. That does not mean that they had immediately diagnosed and addressed the breach itself on the 11th. Their restaurants reverted to the old paper based card printers, ubiquitous a generation ago, to evade the problem. To date, the company has not released any details about how the breach could have occurred and if the problem has in fact been diagnosed.
While the statement asserts “we have not determined that any specific cardholder’s credit or debit card data was stolen by the intruder” the fact that the breach was discovered by the Secret Service suggests that some suspicious activity was identified connected to cardholder data.
The statement lists all 33 locations involved in the breach. While the percent of their locations is small, it is noticeable that they span the nation from coast to coast. Patrons are urged to check their card statements for suspicious activity and to take advantage of the restaurant’s offer of free alert services from the major credit card monitoring services. Unfortunately, the firm has not indicated exactly what period customer’s data was exposed, other than tht the problem was contained by June 11th of this year.
The P.F. Chang data breach is one of several high profile compromises of cardholder data at major retail establishment over the past year. This has resulted in a movement to replace the current card and Point of Sale (POS) system technology that relies on data on magnetic strips with data on imprinted microchips. The microchip technology is widely used in Europe where such incidents are much less common.