The Rippleshot Data Breach Blog

Data Breach Affects Restaurant Chain P.F. Chang's China Bistro

Written by Jennifer Um | Sep 8, 2014 3:39:00 PM

On June 13th, 2014, P.F. Chang’s China Bistro reported that there had been a breach involving customer’s credit and debit card information. The restaurant chain learned about the breach on Tuesday June 10th, 2014, and investigated the issue with the help of the United States Secret Service and third-party forensics experts.

According to forensic experts, P.F. Chang’s China Bistro’s data breach seems to involve a “highly sophisticated” gang. As it will take more time to completely resolve the issue, P.F. Chang’s China Bistro created a webpage to help their patrons to check whether their information had been leaked. Furthermore, P.F. Chang’s China Bistro immediately changed their payment system to a manual imprinting credit card system to prevent further damage. Only recently, has P.F. Chang’s China Bistro started to incorporate new encryption-enabled terminals in an effort to phase out from the manual imprinting system.

Rippleshot estimates that the credit card re-issuance alone will cost $49 million, and operating phone center and sending notification letters would cost additional $100M. P.F. Chang’s China Bistro is currently going through class action lawsuits, which may increase costs for each of these cases regardless of the court's decision.
In response to the breach, P.F. Chang’s has posted information on their website, including the location of 33 stores that were affected by the breach. P.F Chang’s encourages its customers to monitor their credit reports, which one can get from visiting www.annualcreditreport.com, or calling (877) 322-8228. P.F. Chang’s claim that the security breach has been contained and it is safe to use bank cards at P.F. Chang’s locations.

Compromised Details:

The compromised data includes personal identifiable information and bank card information such as:

  • Name
  • Credit/Debit card number
  • Credit/Debit card expiration date

List of States affected

 

Affected States

Unaffected States

 

Arizona California Colorado
Florida Illinois North Carolina
New Jersey Nevada New York
Maryland Missouri Ohio
Oklahoma Pennsylvania Tennessee
Texas Virginia Washington

Review other large-scale data breaches such as Target and Home Depot as well as the impact Rippleshot would have had on their fraud loss by downloading our case study bundle below: