Payment card breach at US restaurant chain P.F. Chang's
Posted on 11 June 2014.
Asian-themed US restaurant chain P.F. Chang's China Bistro has apparently suffered a breach that resulted in the theft of customers' payment card data.


The extent of the breach and, indeed, the breach itself is yet to be officially confirmed by the company, but according to bank sources interviewed by Brian Krebs, some of the compromised cards have been used at various P.F. Chang’s locations between early March and May 19, 2014.

“P.F. Chang’s takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more,” the company commented. “We will provide an update as soon as we have additional information.”

A strong indication that the company has suffered a breach came in the form of an ad on the popular carder store Rescator(dot)so on June 9. The seller offered a "fresh" batch of card data for prices between $18 to $140 per card, and said that they are "100%" valid, which seems to imply that the breach happened recently and has not yet been detected and, therefore, the cards in question have not yet been cancelled.

"The items for sale are not cards, per se, but instead data copied from the magnetic stripe on the backs of credit cards. Armed with this information, thieves can re-encode the data onto new plastic and then use the counterfeit cards to buy high-priced items at big box stores, goods that can be quickly resold for cash (think iPads and gift cards, for example)," Krebs explained.

The number of compromised cards is unknown. According to bank sources, the data was apparently stolen from P.F. Chang's restaurants in Florida, Maryland, New Jersey, Pennsylvania, Nevada and North Carolina. It's believed that the attackers managed to compromise the establishments' point-of-sale (POS) systems.

Additional guidance in the ad on how to pay for the data dump points to the criminals behind this breach being from Russia and/or Eastern Europe.









Spotlight

Hackers indicted for stealing Apache helicopter training software

Posted on 1 October 2014.  |  Members of a computer hacking ring have been charged with breaking into computer networks of prominent technology companies and the US Army and stealing more than $100 million in intellectual property and other proprietary data.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 2nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //