Thousands of stolen credit and debit cards, apparently recently used in P.F. Chang’s restaurant locations, are up for sale on the underground store Rescator, reports security researcher Brian Krebs.
Bank sources told Krebs that the stolen cards being sold underground were all used at P.F. Chang locations between March and mid-May of this year.
The stolen cards range in price from $18 to $140 per card. In a tweet, Krebs estimates that if all of the P.F. Chang stores are affected, this could mean one to two million cards have been stolen.
P.F. Chang’s told Krebs that it is investigating claims of a data breach but it had not yet been able to confirm a breach. “P.F. Chang’s takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more,” the restaurant chain said in a statement sent to the security researcher.
In a statement emailed to FierceITSecurity, Simon Eappariello, senior vice president for product and engineering at iboss Network Security, comments about the breach report: “In looking at the information currently available, the breach could be the result of an attack on POS [point-of-sale] equipment, or more likely, a central database server–as several P.F. Chang’s locations seem to be implicated in different states.”
Chester Wisniewski, senior security advisor at Sophos, is quoted by SecurityWeek as observing: “Organizations are so focused on what is coming into their networks they don’t pay enough attention to what is going out. The card issuers have far better analytics to find these types of patterns. They call it CPP for common point of purchase. When you have fraud or find 100 or so of your cards on a carder forum you start to look for patterns or CPPs. This is how most card breaches are discovered in my experience.”
June 11, 2014 | By Fred Donovan