P.F. Chang's China Bistro, a chain of restaurants serving Asian food, is the victim of a data breach that may have provided customer credit card and debit card information to hackers.
The company claims the security breach was limited to 33 locations within the U.S.
According to information released by P.F. Chang's, "The United States Secret Service alerted P.F. Chang's of a possible security compromise involving credit and debit card data reportedly stolen from certain P.F. Chang's China Bistro-branded restaurants located in the continental United States. We have determined that that security of our card processing systems was compromised, and we have reason to believe that the intruder may have stolen some data from certain credit and debit cards that were used during specified time frames at 33 P.F. Chang's locations."
Stolen data may have included card numbers, and possibly cardholder's names and/or card expiration dates. The company is not able to name any specific cardholder names.
Exposure dates for data breaches in all cases run through June 11, 2014. After this date, the company claims that its systems are now safe. Start dates for risk vary by location, ranging from Oct. 19, 2013, for some; Feb. 21, 2014, for others; and April 10, 2014, for the remainder. That means that depending on location, customers may have been at risk for nine, four or two months until the leak was secured.
The compromised data processing system hardware was removed from service until its security was assured. In the interim, the restaurants processed credit and debit cards manually.
Locations at risk in 17 states include P.F. Chang's in Arizona, California, Colorado, Florida, Illinois, Maryland, Missouri, Nevada, New Jersey, New York, North Carolina, Ohio, Oklahoma, Pennsylvania, Tennessee, Texas and Washington. No Pei Wei-branded restaurants were affected by this data breach.
Any customers who suspect that their information may have been compromised should immediately contact their bank and/or their credit card company. Since, as mentioned, P.F. Chang's does not have the names of individual cardholders potentially involved, the company will not engage in any customer notification on its own.
As a concession to potentially affected customers, however, P.F. Chang's will provide automatic enrollment in AllClear Secure, a credit-monitoring and identity security service, for one year.
The company also suggests that customers have credit bureaus place a fraud alert on their files, and that any complaints about possible fraud should be filed with the Federal Trade Commission.