Restaurant chain PF Chang’s recently released new information regarding the security breach of its credit card systems across the country. The chain announced that the breach affected more than 30 locations in 17 states and went on for eight months before being detected.
While the investigation is still ongoing, in a statement PF Chang’s reported that the breach has been contained and customer financial data has been processed securely by the restaurant since June 11. The compromised systems used by the chain were removed until it was clear that their security could be ensured, and in the meantime credit cards were processed by hand.
“The potentially stolen credit and debit card data includes the card number and in some cases also the cardholder’s name and/or the card’s expiration date,” said CEO Rick Federico in a statement. “However, we have not determined that any specific cardholder’s credit or debit card data was stolen by the intruder.”
PF Chang’s was alerted of the breach, which they referred to as a “highly sophisticated criminal operation,” in June when they were contacted by the Secret Service about cybersecurity concerns. Once notified, the restaurant hired third-party forensic investigators to discover how the breach was able to occur, at which time they found that malicious actors were able to exploit the chain’s credit card processing systems and possibly gain access to customer credit card information.
Companies worried about similar data breaches affecting point-of-sale terminals should implement endpoint threat detection to keep critical systems protected. Endpoint protection involves monitoring sensitive access points – like POS systems, barcode readers and employee mobile devices – and mitigating threats that appear. Continuous endpoint visibility is necessary to identify threats before they compromise networks and ensure enterprise security.