By Brianna Sacks / Los Angeles Times
P.F. Chang’s China Bistro Inc. has provided new details about a security breach discovered in June, saying customer data may have been stolen from more than 30 restaurants in 16 states.
The restaurant chain said Monday that credit card numbers, expiration dates and, in some cases, cardholder names were stolen over eight months. However, the chain has not yet determined if “any specific cardholder’s credit or debit card data was stolen by the intruder,” according to Chief Executive Rick Federico.
P.F. Chang’s confirmed the data breach June 13, three days after the U.S. Secret Service alerted the chain that its credit card processing systems may have been hacked. The company said the breach occurred between Oct. 19, 2013, and June 11, 2014.
The intrusion was first reported by security blogger Brian Krebs, who said on his website that banks reported data from thousands of customers had been pilfered from locations and was being sold online. The list of restaurants affected by the hack include locations in Lynnwood and Bellevue, according to pfchangs.com/security. A list of all 33 locations, as well as the dates that cards may have been compromised, can be found there as well.
Federico said P.F. Chang’s conducted an internal investigation with the help of forensic data experts, and determined the 33 locations affected and specific time frames the credit card processing system was compromised for each.
He also said the company has been processing card data securely since June 11.
P.F. Chang’s has about 211 locations in the U.S. and abroad. The company also operates Pei Wei Asian Diner, a more casual Asian restaurant chain with more than 190 U.S. locations, none of which were compromised.