P.F. Chang's names 33 restaurants hit by data breach

Exposure ranged from weeks to months; free fraud monitoring offered

Sienna Kossman
Personal finance writer
Statistics enthusiast focused on data-driven content

P.F. Chang's China Bistro has for the first time put boundaries around the size of the card processing system data breach, revealing where and when its restaurants hit, exposing sensitive customer credit and debit card information to potential theft.

The breach hit 33 of its 210 restaurants in the continental United States, and they were not affected all at once. Some systems were exposed for only a couple of weeks, while others became vulnerable Oct. 19, 2013, and were not secured until the breach was discovered and contained June 11, 2014. 

(Could your card be affected? See chart, "P.F. Chang's restaurants affected by data breach")

While the restaurant chain's card processing systems were vulnerable, processed card data such as card numbers and cardholder names and card expiration dates became exposed to whoever accessed the systems, according to a press release from P.F. Chang's CEO Rick Federico. The company has confirmed only the breach, not whether cardholder data was stolen.

Shortly after discovering the breach, the restaurants switched to old-fashioned that recorded credit card numbers manually. As of Aug. 4, "The security compromise has been contained and we have replaced the affected hardware and returned to our standard credit and debit card processing system," according to Federico's statement.

If you visited an affected P.F. Chang's restaurant during a period of card system vulnerability, continue to closely monitor your checking and debit accounts and report any unusual activity to your card company or issuing bank. The investigation is ongoing and consumers are advised to continue checking P.F. Chang's online Security Update for news.

Placing a fraud alert on your credit file can also help you monitor criminal activity that may occur separate from your cardholder accounts.

P.F. Chang's is offering free identity protection services through AllClear Secure to potential victims for a one year period beginning Aug. 4. To sign up, visit pfchangs.allclearid.com and verify via an online form that you used a card at one of the affected restaurants during the breach periods.

State, city
Address Exposure time frame
7135 E. Camelback Rd.
Peoria  16170 N. 83rd Ave.
Chula Vista
 2015 Birch Rd.
 Torrance  3525 Carson St.
 Carlsbad  5621 Paseo Del Norte
 Temecula  40762 Winchester Rd.
 Palo Alto  900 Stanford Shopping Center
 Sherman Oaks
 15301 Ventura Blvd.
 Rancho Cucumonga
 7870 Monticello Ave.
 Newport Beach
 1145 Newport Center Dr.
 Lakewood  7210 W. Alameda Ave.
 Winter Park  436 North Orlando Ave.
 Palm Beach Gardens
 3101 PGA Blvd.
 Clearwater  27001 U.S. Highway 19 N, Ste. #1150
 Schaumburg  5 Woodfield Mall
 Baltimore  600 E. Pratt St.
 Chesterfield  1295 Chesterfield Parkway East
 St. Louis
 25 The Boulevard Saint Louis
 South Las Vegas
 3667 Las Vegas Blvd.
 New Jersey
 Princeton  3545 U.S. Highway 1
 New York
White Plains
 125 Westchester Ave.
 North Carolina
 Durham  6801 Fayetteville Rd.
 Charlotte  10325 Perimeter Parkway
 Dayton  2626 Miamisburg-Centerville Rd.
 Tulsa  1978 E. 21st St.
 Collegeville  10 Providence Town Center
 Pittsburgh  1600 Settlers Ridge Center Dr; Bldg. 1300
 Glen Mills
 983 Baltimore Pike
 Chattanooga  2110 Hamilton Place Blvd.
 Austin  10114 Jollyville Rd.
 Woodbridge  15151 Potomac Town Place
 Bellevue  525 Bellevue Square
 Lynnwood  3000 184th St.

See related: How can I protect my point-of-sale system against security breaches?, 4 ways crooks cash in on your personal and financial data

Join the discussion
We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

Weekly newsletter
Get the latest news, advice, articles and tips delivered to your inbox. It's FREE.

Updated: 03-24-2019