P.F. Changs Confirms Security Breach

After initial silence, P.F. Changs restaurant chain goes live with website disclosing information on stolen credit card data.

Restaurant chain P.F. Changs Thursday confirmed that it is investigating a security breach affecting credit and debit card data that may have been stolen electronically from some of its restaurants.
After
initially declining to confirm reports about the breach
, P.F. Changs Thursday
launched a website devoted to updating customers on the status of the investigation
, which the company says is being conducted in conjunction with the US Secret Service and a team of third-party forensics experts.
The website offers few details on the compromise, so far, other than that it involves credit and debit card data reportedly stolen from some our our restaurants. This wording has caused many experts to conclude that the breach occurred in P.F. Changs point-of-sale (POS) systems, though the chain has not confirmed this conclusion. P.F. Changs says it has reverted to a manual card imprinting system at all of its China Bistro-branded restaurants in the US until the investigation is complete.
The incident was not discovered by internal security staff, but was reported to the restaurant chain by the Secret Service on June 10, the website says.
Industry observers noted that the breach is another in a long line of data compromises that have occurred in the retail industry over the past year, including incidents at Target, Neiman-Marcus, and the Sally Beauty retail chains.
This isnt surprising, says Philip Casesa, director of IT/service operations at (ISC)2, a leading association of security professionals. In fact, it seems to follow the same MO as the Target and Sally Beauty attacks,
where point-of-sale machines with traditionally weak security were targeted. Large retailers maintain centralized connections to these machines for updating, and an attacker can exploit that to distribute malware efficiently and collect large swaths of magnetic stripe data from the cards. Without proper detection of this malware on the retailers part, these breaches can run almost unfettered until the attackers have enough or their exploit window is somehow closed.
P.F. Changs decision to go back to manual, paper-based credit card processing is a short-term answer, experts say.
Going to the use of carbon forms together with payment information isnt as crazy as it sounds, says Dwayne Melancon, CTO at security firm Tripwire. After all, if youre not sure which of your data systems you can trust, why would you put even more data into those systems?
Carbon forms aren’t practical in the long term, though. The risk in paper-based collection is that many retailers no longer have effective processes or employee training designed to secure, monitor, and control physical card slips. A paper-based approach may reduce one specific type of risk, the risk still exists; the data protection problem has just changed form.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
P.F. Changs Confirms Security Breach