Chinese restaurant chain P.F Chang’s has apparently had quite a serious data breach, with credit card details of customers appearing on an online marketplace for dumps and other material. Brian Krebs has a brief summary as to what he discovered. The nationwide chain, which is based in Scottsdale, AZ has over two hundred locations. The company has responded by creating an online clearinghouse for information relating to the breach.
A statement placed on the aforementioned page by CEO Rick Federico claims that they first learned of the breach on June 10 and that they – with help from the Secret Service have “have concluded that data has been compromised,” which I guess officially confirms that the information that has been leaked is indeed genuine. The statement continues to describe their efforts at mitigation which include their chains falling back to “a manual credit card imprinting system for all P.F. Chang’s China Bistro branded restaurants located in the continental United States.” Unfortunately this is rapidly turning into a P.R. nightmare for the chain, with the story today being picked up by USA Today, amongst others.
This again goes to show that failing to secure your customer’s sensitive information can result in very real consequences that far exceed the damage of the initial compromise. This can include potential legal action, compliance investigations and perhaps most importantly – potentially irrepreable damage to the trust that your business with your clients. If you can avoid storing the card data in house and can offload that risk to your card processing organization, then all the better.