P.F. Chang’s restaurant chain is investigating a possible large scale payment card breach after details for thousands of credit and debit cards were being offered for sale on the underground criminal marketplace rescator[dot]so, according to KrebsOnSecurity.
“P.F. Chang’s takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more,” the company said in an emailed statement to Krebs.
“P.F. Chang’s is aware of a situation where stolen credit cards used at several of its restaurants experienced fraud on them,” states Anne Deanovic, a spokeswoman for the company told BankInfoSecurity. “We will provide an update as soon as we have additional information.”
“I have a feeling it will be like the retail breaches, this is is just one of many. Surprised they published to Rescator as it is being monitored by pretty much all law enforcement agencies and fraud analyst networks, they might as well have posted them on eBay,” said Ken Westin, security researcher with Tripwire.
“It is still early in the process. As is the case with many of these breaches, there is not much public data on the extent of the loss and it may take a while for the investigation to sort through the data on the compromise in order to provide specifics,” noted Dwayne Melancon, CTO at Tripwire.
“However, the preliminary data indicates that magnetic stripe data was captured which means that a card skimmer or POS malware attack is the likely attack vector. The compromise seems to have gone on for quite a while before discovery, so the number of consumers impacted could be significant,” Melancon said.