Payment card data at P.F. Chang’s may have been exposed for as long as nine months or more, a timeline based on a card issuer alert which listed compromised cards dating back to September 18, 2013.
The restaurant chain began investigating a possible large scale payment card breach after details for thousands of credit and debit cards were being offered for sale on the underground criminal marketplace rescator[dot]so, according to KrebsOnSecurity.
Krebs reports that Visa issued a Compromised Account Management System (CAMS) alert in late June, and the advisory included a list of compromised payment cards which were purchased by an unnamed bank from a black market site that was specifically offering what the sellers claimed to be card data obtained from the restaurant chain.
“The Visa document did not name P.F. Chang’s as the source of the breach (CAMS alerts typically do not identify the victim merchant directly). Visa declined to comment for this story,” Krebs reports. “P.F. Chang’s spokeswoman Anne Deanovic declined to answer direct questions about the breach window, saying in a statement Tuesday that the company had not yet nailed down the exact timing of the breach.”
The exact number of cards compromised has not been determined, but Krebs estimates that the restaurant chain processes as many as 800,000 cards per month. P.F. Chang’s has had to resort to using antiquated carbon payment slips while the investigation into the security of their point-of-sale (PoS) systems continues.
“It is still early in the process. As is the case with many of these breaches, there is not much public data on the extent of the loss and it may take a while for the investigation to sort through the data on the compromise in order to provide specifics,” noted Dwayne Melancon, CTO at Tripwire.
“However, the preliminary data indicates that magnetic stripe data was captured which means that a card skimmer or POS malware attack is the likely attack vector. The compromise seems to have gone on for quite a while before discovery, so the number of consumers impacted could be significant,” Melancon said.
Read More Here…