P.F. Chang's has reported the data breach it revealed in June was the work of a "highly sophisticated criminal operation," . The data breach impacted the restaurant chain's point of sale (POS) credit card system, causing many customers to have their credit card numbers stolen.
"We continue to make progress in our investigation into the recent security compromise that affected P.F. Chang's," said Rick Federico, CEO of P.F. Chang's, in a . "We will continue sharing important details once they have been confirmed by a team of third-party forensic experts."
PF Chang's Had No Knowledge of the Attack
The company first discovered the breach in June 10. Hackers had broken into the company's POS system, and stole credit cards. The attack went unnoticed until the U.S. Secret Service discovered a large batch of customer credit card numbers that were being offered for sale on an Internet forum. The Secret Service then alerted P.F. Chang's, which had no knowledge of the breach until then, .
Cyberattacks on POS systems have been on the rise. The most public story about POS hacks was likely when Target discovered it had been breached in 2013. About 70 million people were affected by the Target breach, according to IT World. In both the Target attack and the P.F. Chang's attack, costumer credit cards were on sale on the black market before the businesses became aware they had been hacked.
P.F. Chang's response after the breach was to begin using manual card imprinters, and then to process the payments using an encrypted terminal that operates on a dial-up fax. This operation is allegedly more secure than what it had been using previously, but whether the company will continue to use this method of processing credit card payments remains unknown. As it stands, the company is sending more terminals to its restaurants, according to the story.
Using Manual Credit Card Readers Not Necessarily a Safer Choice
The manual system P.F. Chang's is using to process credit cards may not be any safer from breaches than what the company had been using before, . Morey Haber, senior director of program management at IT security company Beyond Trust, said that a stack of cards that have been imprinted with credit card data can be hacked just as easily as electronic copies of the same information.
"I can only assume P.F. Chang's has chosen this method since the electronic system they have, has been compromised at the store level, versus a database breach on the back end," Haber said. "This is the only method they have to still conduct business."