Newsroom

June 13, 2014

Chain confirms breach; NAFCU concerns reported

June 16, 2014 – Nationwide restaurant chain P.F. Chang's Chinese Bistro confirmed it had experienced a data security breach in March, which reportedly affected thousands of customers' credit and debit cards.

In the wake of these reports, NAFCU Vice President of Legislative Affairs Brad Thaler wrote lawmakers to reiterate the association's call for a national data security and breach notification standard for retailers, a call which was noted in The Hill and POLITICO.

In the letter, Thaler wrote: "It has been almost six months since Target's data breach, and we still have no new data security standards for retailers. Since Target, there has been a major data breach discovered almost every month. The continued lack of national data security standards is an open invitation to cybercriminals."

The restaurant chain said it had learned of the breach last week, on June 10, and that it would switch to a manual credit card imprinting system. It also announced a website for consumers to ask questions and receive updates about the investigation.

KrebsOnSecurity.com reported that the stolen cards used at P.F. Chang's were being sold on the same underground store that sold tens of millions of cards taken during the massive Target data breach late last year.

The site also reported that the cards being sold are advertised at "100 percent valid" meaning that 100 percent of the cards sold are guaranteed to work.