P.F. Chang's China Bistro is investigating claims of a data breach involving credit and debit card data stolen from restaurant locations in the United States, the Asian-themed casual dining restaurant chain said on Tuesday.
Stolen credit and debit card data appeared on an underground website used by criminals on Monday, according to KrebsOnSecurity.com, which covers computer security and cyber crime.
Banks contacted by KrebsOnSecurity said the stolen cards had all been used at P.F. Chang's locations in the United States between March and May. (link.reuters.com/zyj99v)
"P.F. Chang’s takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more. We will provide an update as soon as we have additional information," said Anne Deanovic, a spokeswoman for P.F. Chang's, which operates 211 U.S. restaurants. The chain is owned by Centerbridge Partners, a private equity firm.
Reuters could not independently verify the details in the report from KrebsOnSecurity. It may not be clear whether P.F. Chang's was the victim of a breach until the company releases information about its investigation.
In some situations, companies that conduct investigations into data breaches may not be able to come to a definitive conclusion.
For instance, Sears Holdings Corp had said that an investigation into a possible data breach did not reveal any conclusive information. A spokesman for Sears had said in February, "We have found no information based on our review of our systems to date indicating a breach."
The stolen cards from P.F. Chang's are the first set of cards put up for sale in the form of electronic data on the underground shop since March 2014, when the website publicized the sale of cards stolen from beauty products retailer Sally Beauty Holdings Inc, according to KrebsOnSecurity.
A number of high-profile retailers have been victims of data breaches.
Discount retailer Target Corp reported in December that hackers had stolen data from up to 40 million credit and debit cards of shoppers who visited its stores during the first three weeks of the holiday season.
In April, Target named high-profile information technology consultant Bob DeRodes as chief information officer. The company's previous CIO resigned in March, several months after the data breach.
Upscale U.S. retailer Neiman Marcus reported a breach of about 1.1 million customer payment cards in January at 77 of 85 stores.
In March, Sally Beauty said fewer than 25,000 credit-card records may have been taken in a data breach.
Officials with the Secret Service could not immediately be reached for comment. The Secret Service is the U.S. federal law enforcement agency that typically takes the lead on investigating credit card breaches.
(Reporting by Narottam Medhora, Tanvi Mehta and Ankit Ajmera in Bangalore; Additional reporting by Jim Finkle in Boston; Editing by Lisa Shumaker)