P.F. Chang's names 33 restaurants hit by data breach
Exposure ranged from weeks to months; free fraud monitoring offered
Statistics enthusiast focused on data-driven content
P.F. Chang's China Bistro has for the first time put boundaries around the size of the card processing system data breach, revealing where and when its restaurants hit, exposing sensitive customer credit and debit card information to potential theft.
The breach hit 33 of its 210 restaurants in the continental United States, and they were not affected all at once. Some systems were exposed for only a couple of weeks, while others became vulnerable Oct. 19, 2013, and were not secured until the breach was discovered and contained June 11, 2014.
(Could your card be affected? See chart, "P.F. Chang's restaurants affected by data breach")
While the restaurant chain's card processing systems were vulnerable, processed card data such as card numbers and cardholder names and card expiration dates became exposed to whoever accessed the systems, according to a press release from P.F. Chang's CEO Rick Federico. The company has confirmed only the breach, not whether cardholder data was stolen.
Shortly after discovering the breach, the restaurants switched to old-fashioned that recorded credit card numbers manually. As of Aug. 4, "The security compromise has been contained and we have replaced the affected hardware and returned to our standard credit and debit card processing system," according to Federico's statement.
If you visited an affected P.F. Chang's restaurant during a period of card system vulnerability, continue to closely monitor your checking and debit accounts and report any unusual activity to your card company or issuing bank. The investigation is ongoing and consumers are advised to continue checking P.F. Chang's online Security Update for news.
Placing a fraud alert on your credit file can also help you monitor criminal activity that may occur separate from your cardholder accounts.
P.F. Chang's is offering free identity protection services through AllClear Secure to potential victims for a one year period beginning Aug. 4. To sign up, visit pfchangs.allclearid.com and verify via an online form that you used a card at one of the affected restaurants during the breach periods.
- What to do if your card is posted online – Once posted, the question is becomes not so much what were you thinking, but what happens if you do find yourself in this plastic pickle? ...
- New technology, analytics help fight card-not-present fraud – Issuers innovate to thwart cybercriminals, but the shift to mobile puts the onus on merchants to step up against card-not-present fraud ...
- Immigrants may need good credit to stay in the U.S. – Under a new proposal, the government would review the credit histories and credit scores of immigrants seeking visas or other status changes. But achieving a high U.S. credit score is an obstacle for many immigrants ...