P.F. Chang's China Bistro confirmed on Thursday credit and debit card data was stolen from its restaurants, saying it is switching in the meantime to a manual imprinting system to process cards safety.
The restaurant chain said in a statement it was alerted on Tuesday by the U.S. Secret Service, which is investigating the cause along with a team of third-party forensic experts.
P.F. Chang's said it did not know what cards were affected but that it is working with credit card companies to identify those at risk. It advised customers to monitor their statements for fraudulent activity.
Card details believed to have come from P.F. Chang's have appeared on so-called "carding" forums, which are password-protected websites where cybercriminals sell data. The details are being offered for as little as US$18 up to $139 per set, according to Hold Security, a company that specializes in tracking where stolen data is sold.
In the meantime, manual payment card imprinting devices have been provided to its restaurants so it can continue to safely process card transactions, P.F. Chang's said. Manual card processing, largely a thing of the past, involves making a copy of the card on carbon paper.
P.F. Chang's is the latest retailer to be stung by cybercriminals, who have had startling success capturing payment card details from point-of-sale terminals, the computerized cash registers that process card payments.
Target, Neiman Marcus, Sally Beauty and Michaels have disclosed data breaches over the last eight months, drawing close scrutiny from regulators and U.S. lawmakers regarding the safety of consumer data.
P.F. Chang's has 204 Bistros in 39 states and 170 Pei Wei Asian Diner restaurants, a casual brand, in 23 states.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk