The restaurant chain P.F. Chang’s has identified 33 locations across the United States that were affected by a breach of the company’s credit card and debit card processing system reported in June earlier this year.
Rick Federico, P.F. Chang’s CEO, stated in a press release today that the data breach stealing customers’ card numbers, as well as cardholders’ names and expiration dates has been contained.
The disclosure of restaurant locations revealed that as many as eight restaurants had data stolen over the course of eight months, beginning Oct. 19, 2013, through June 11, 2014.
Following this breach period, eight more locations were compromised since Feb. 21, 2014, through mid-June. In April of 2014, hackers continued exfilitrating data from 15 different locations. Lastly, two additional restaurants were breached in October 2013.
The map below shows the locations breached, including multiple locations in California, Florida, Arizona, Washington and various restaurants across the east coast.
P.F. Chang’s stated the investigation of this massive breach continues, but in the meantime suggests customers remain vigilant and seek to protect against possible identity theft or other financial loss by reviewing personal bank statements for unusual activity.
“The amount of time it has taken P.F. Chang’s to determine the scope of the breach is problematic,” said Ken Westin, Tripwire Security Researcher. “Due to the amount of time that has passed any damage caused by the cards being available on the black market is already done.”
“It will take more time for P.F. Chang’s to fully recover from this breach in terms of establishing trust of their network, but even longer to establish trust of their patrons again.”
Read More Here…