Another possible data breach
resulting in the theft of an unknown number of customer credit cards, is being investigated by a national restaurant chain. P.F. Chang's is looking into the reported theft of credit cards that are said to have been stolen from its restaurants earlier this year. The company was altered to the breach by authorities, after a listing a credit card numbers tied to the company were put on sale on an underground website.
Security journalist Brian Krebs
reported on the sale, stating that banks had reported a number of cards on the list to find that they had been used at P.F. Chang's restaurants between March and May 19. The banks that Krebs contacted said that the cards had been stolen from locations in Florida, Maryland, Nevada, New Jersey, North Carolina and Pennsylvania.
On Twitter, Krebs said that the number of cards that have been stolen could be in the millions if the theft was chain-wide. The company operates 211 restaurants in the United States. He originally stated in his article that the number of cards obtained during the data breach numbered in the thousands.
Even though the exact number of cards on the listing being sold is unknown, there are at minimum some 5,000 cards available for criminals to purchase. Krebs says that the listing is only showing off the first 100 pages, with about 50 cards worth of data listed on each. Each card is selling for somewhere between $18 and $140 dollars.
P.F. Chang's has yet to give any information regarding the breach, stating that it is still looking into the allegations. It is unknown if the data that was stolen had been encrypted in any way. A spokesperson from the company reached out to Reuters
to make a statement on the situation.
"P.F. Chang's takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more," said spokeswoman Anne Deanovic. "We will provide an update as soon as we have additional information."
If the breach turns out to be tied to the restaurant chain, P.F. Chang's will become the fifth major business to be tied to data theft in the US in the last year.