The Los Angeles Times reports that P.F. Chang’s, an Asian restaurant chain with roughly 200 franchises across the United States and abroad, may be the newest outlet targeted by hackers who stole the restaurant chain’s customers’ credit and debit card information.
That information was later sold on the internet on the website rescatir.so, according to Brian Krebs, a security blogger who also reported a huge data breach at the Target retail chain last year. Krebs added that the information from P.F. Chang’s was selling for $18 to $140 per card.
Krebs wrote that according to various banks, the stolen data has come from franchises in at least six states: Florida, Maryland, New Jersey, Pennsylvania, Nevada, and North Carolina. He stated that the data breach happened between the end of March and May 19. He asserted:
The items for sale are not cards, per se, but instead data copied from the magnetic stripe on the backs of credit cards. The most common way that thieves steal this type of card data is by hacking into cash registers at retail locations and planting malicious software.
P.F. Chang’s admitted there was indeed a data breach, and continued, “P.F. Chang’s takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more. We will provide an update as soon as we have additional information.”
Ryan Burnheimer, vice president of business development for Trusted Sec, a security consulting firm, said that for the hackers to target P.F. Chang’s as opposed to Target, a much larger company, meant it was a sophisticated operation, explaining, “Hacking P.F. Chang’s is going to be more complicated.”