A P.F. Chang’s China Bistro restaurant in Palo Alto is one of 33 of the chain’s outlets where credit and debit card information of customers may have been stolen, the company’s chief executive said Monday.
The Arizona-based company has a team of forensics experts working on the security breach since the U.S. Secret Service informed P.F. Chang’s about it on June 10, CEO Rick Federico said in a statement.
The breach, which made it possible for the database intruder to access card numbers, cardholder names and card expiration dates, began on April 10 and was halted as of June 11, Federico said.
P.F. Chang’s posted a list of 33 restaurants across the country where credit and debit card information might have been stolen. The list is available on the company’s website at pfchangs.com/security.
The only Bay Area restaurant on the list was at 900 Stanford Shopping Center in Palo Alto. Others include seven restaurants in Southern California and outlets in New York, Pennsylvania, Texas, Nevada and Washington.
The company does not yet know if any credit card data was actually stolen, but customers who used their cards at one of the 33 restaurants from April 10 to June 10 should review their account statements for unusual activity and notify their card companies if they find any, Federico said.
Customers who discover their identity and credit information have been misused may file a complaint with the Federal Trade Commission, which can be reached by phone at 877-438-4338, company officials said.
P.F. Chang’s has enrolled affected customers in an identity protection service called AllClear Secure for the next 12 months. Customers experiencing problems with identity theft may call the service at 877-412-7152, according to Federico.
No more eating there then, easy enough.
Or, Kenny, instead of hurting the restaurant and yourself as well, do what I do. I use cash for practically everything, and credit cards for only large purchases. Simple, safe, no worries.
Its has been easy not to eat at one of these shops for many years now.
A few years ago I had my credit card information stolen about a week after I ate at a Chinese restaurant on Castro Street and paid with that card.
Chase called me at work and said that someone had tried to charge the costs of a web site in Chinese using my card. It triggered the fraud alert at Chase.
With all the constant news reports about Chinese hackers, it doesn’t surprise me that something like that happened at PF Chang’s
I doubt very much that the fact this is a Chinese restaurant had anything to do with the breach. I’ve been involved in much bigger breaches than this including Target, UT Austin student records, A major PA tech company’s retiree records (unencrypted personnel data on a stolen laptop belonging to an employee benefits contractor) and several more, none of which involved anyone who was Chinese . I also had erroneous charges on a credit card, luckily identified by the credit card provider, in a month that the only other time I had used the card was at a high end Italian restaurant in Palo Alto. Per the credit company, someone had duplicated my card and indeed, I had waited longer than usual for someone to process my card payment. However, there was no proof, which is why I’m not mentioning the name of the restaurant. I’m also not jumping to any conclusions about the involvement of the mafia, just because it was an Italian restaurant. In most such cases, it is employee fraud not related to ethnicity.
@Interesting…
“With all the constant news reports about Chinese hackers, it doesn’t surprise me that something like that happened at PF Chang’s”
Are you insinuating that eating at Chinese restaurants results credit card fraud?
Besides, PF Chang’s is a US-based restaurant chain that started in Scottsdale, AZ. In fact, The “PF” in PF Chang’s stands for Paul Fleming (a restauranteur).
Do some background research before you throw out veiled accusations.
I thought today’s news was Russians hijacking a billion passwords.
Whiskers, it is really not hurting me not to eat at PF Changs. Not sure why businesses who are sloppy with security should get away with it.