American restaurant chain P.F. Chang has revealed that a total of 33 branches were affected by the summer breach.
In a statement, CEO Rick Federico said that the investigation into the breach, which was originally reported in June, has determined that the security of its card processing systems was compromised, and it believes that the intruder may have stolen some data from certain credit and debit cards that were used at 33 branches of P.F. Chang’s China Bistro in the US.
He said: “The security compromise, however, has been contained, and P.F. Chang’s has been processing credit and debit card data securely since June 11th 2014.
“The potentially stolen credit and debit card data includes the card number and in some cases also the cardholder’s name and/or the card’s expiration date. However, we have not determined that any specific cardholder’s credit or debit card data was stolen by the intruder.”
As well as listing the locations, which were in states across the country, he said he regreted any inconvenience caused. In the breach, customer data from thousands of credit and debit cards that were previously used at P.F. Chang’s restaurants were put up for sale on an underground website.
Commenting, Mike Lloyd, CTO at RedSeal Networks, said: “PF Chang’s statement about the extent of the breach they suffered is commendable – consumers, investors and regulators demand transparency. However, the time it took is interesting – it’s an example of the ‘fog of war’ that all organisations have to deal with today.
“Just as in real wars, defenders need to understand where they stand. Unfortunately, terrain mapping is quite hard in the overgrown, complex IT infrastructures we rely on. Many organisations learn this the hard way – even when informed they have been breached, they struggle to map out the extent of the attack, let
alone understand how it happened, how to stop it, and how to clean up. Savvy organisations map their defenses, and even test them using virtual “war-gaming” well ahead of the inevitable attack.”