SCAM ALERT: BBB Warns of P.F. Chang's Data Breach

  
     
June 13, 2014

If you’ve recently eaten at P.F. Chang’s, you might want to keep a close eye on your credit and debit card statements.

Better Business Bureau is warning consumers to be diligent in checking their statements and credit records to make sure their information hasn’t been compromised following a data breach of P.F. Chang’s credit and debit card data systems.  The restaurant chain confirmed today that customer card information has been stolen in a cybercrime attack and that all restaurants will temporarily move to manual credit card imprinted in all U.S. locations until the issue has been resolved.  It’s been reported that 211 P.F. Chang’s and 192 Pei Wei Asian Diner locations have been affected across the U.S.  The breach took place between April 9-21, 2014.

The following statement was released yesterday, June 12th, 2014 by Rick Federico, CEO of P.F. Chang’s:

Scottsdale, Ariz. (June 12, 2014) — On Tuesday, June 10, P.F. Chang's learned of a security compromise that involves credit and debit card data reportedly stolen from some of our restaurants. Immediately, we initiated an investigation with the United States Secret Service and a team of third-party forensics experts to understand the nature and scope of the incident, and while the investigation is still ongoing, we have concluded that data has been compromised.

At P.F. Chang's, the safety and security of our guests' payment information is a top priority. Therefore, we have moved to a manual credit card imprinting system for all P.F. Chang's China Bistro branded restaurants located in the continental United States. This ensures our guests can still use their credit and debit cards safely in our restaurants as our investigation continues.

We have also established a dedicated public website, pfchangs.com/security, for guests to receive updates and answers to their questions.

Because we are still in the preliminary stages of our investigation, we encourage our guests to be vigilant about checking their credit card and bank statements. Any suspected fraudulent activity should be immediately reported to their card company.

We sincerely regret the inconvenience and concern this may cause for our guests.

BBB is offering these tips to consumers following the breach:

  • Take any notifications that your information may have been compromised in a data breach seriously. Most companies will set up a hotline to address concerns and answer questions.
  • Change your password quickly. Do not wait, when a company notifies customers of a data breach situation, it is important to take action immediately.
  • Use strong passwords. It is important that passwords are at least 10 characters long and contain a mix of upper and lowercase letters, numbers, and symbols. Try to be unpredictable – don’t use your name, birthdate, or common words. 
  • Don't use the same password on multiple sites. Hackers sometimes try using stolen passwords on different websites to gain control of other accounts. Likewise, it is a best practice to change passwords at least every six months and opt in for two-step verification when available.
  • Never provide financial or other confidential information in response to an unsolicited email. Don’t click on links or download attachments.

If you have questions regarding this, or any other data breach, don’t hesitate to call your BBB serving San Diego, Orange and Imperial Counties are 858-496-2131.  Visit our BBBlog at bbb.org for updates on this breach.