PF Chang’s Data Breach: 33 Restaurants, 16 States

The company announced which states and locations were affected by a data breach back in June.

PF Chang’s Data Breach: 33 Restaurants, 16 States
Jennifer Kumar / CC BY NC ND 2.0

P.F. Chang's China Bistro is finally revealing some information about a data breach the Secret Service alerted it to back in June.

The restaurant chain announced credit and debit card data might have been stolen from 33 U.S. restaurants. The affected locations are in California, Florida and New York, among other states.

In a statement, the company's CEO Rick Federico said: "The potentially stolen credit and debit card data includes the card number and in some cases also the cardholder's name and/or the card's expiration date. However, we have not determined that any specific cardholder's credit or debit card data was stolen by the intruder."

The Wall Street Journal notes the Chinese food chain didn't try to hide the data breach when it first learned about it. Instead, it made the public aware of the issue immediately and said it was already working with the Secret Service and third-party forensics experts to investigate the intrusion. 

Back in June, independent journalist Brian Krebs reported on his blog that information from those credit cards was found on the darknet site Rescator, which is probably best known as the site that sold information from millions of debit and credit cards hacked into from Target. (Via Krebs on Security)

Now, in addition to those 33 locations, WLTX says the company also revealed the breach occurred between Oct. 19, 2013, and June 11, 2014. 

In his statement, Federico advised anyone who dined at one of those locations during that period to check their financial records for fraudulent activity. 

P.F. Chang's also set up a security site for customers to go to with questions. On the site, it let all customers know it's been working with AllClear Secure, which is going to provide protection to customers for the next 12 months. 

In the event that data was stolen, there is some good news. The Federal Trade Commission says the Fair Credit Billing Act makes it so "your liability for unauthorized use of your credit card tops out at $50." And if the compromised card is reported before the thief is able to use it, the card owner isn't liable for any charges made with it. 

P.F. Chang's is just one of many businesses hit by hackers this year. In fact, MarketWatch reports about 170 data breaches have occurred so far in 2014.