Food chain, PF Chang's, investigates possible card breach
Fraudsters are claiming 100% of the cards are valid, meaning banks haven't cancelled accounts yet
IDG News Service - A large batch of stolen credit card numbers for sale on an underground forum may have come from a breach at P.F. Chang's China Bistro, a restaurant chain that said on Tuesday it is investigating.
Those selling the stolen data are claiming all of the card numbers are still valid, meaning the data is fairly fresh and that banks haven't yet canceled the accounts, said Alex Holden, CTO of Hold Security, a Wisconsin-based consultancy that monitors secret forums where stolen data is sold.
The company is investigating and law enforcement has been contacted, said a P.F. Chang's representative, Anne Deanovic, via email. "We will provide an update as soon as we have additional information," she wrote.
P.F. Chang's China Bistro also runs Pei Wei Asian Diner, a casual diner. As of January 2012, the company ran close to 400 of both restaurant brands in 23 U.S. states, according to its website.
The breach, first reported by security journalist Brian Krebs, most likely resulted from an attack on point-of-sale (POS) systems, the computerized cash registers used to swipe payment cards, Holden said. It appears the breach started in March and continued through early May, he said.
In those cases, malicious software captured payment card details -- encoded on the black stripe of the card -- right after the card was swiped. Although retailers are required to encrypt card details, in some cases the data is briefly held unencrypted in a computer's memory. The type of malware that can exploit this hole is known as a "RAM scraper."
The card details suspected to be from PF Chang's are for sale on a site known as Rescator, an infamous "carding" website that sells stolen data to other fraudsters, Holden said.
Holden said Rescator was down on Tuesday, but later came back online. It appeared those selling the data did a poor job of mixing up the card numbers. Releasing a big batch of numbers from a single retailer allows banks to more closely hone in on where the breach occurred, he said.
It also means the value of the stolen data may fall quickly if banks decided to cancel payment cards in anticipation of fraud. Rescator is selling card details for $18 up to $139 each, Holden said. Card details are often priced according to the potential spending limit of the card, with fraudsters hoping to exploit the card before banks cancel it or its holder notices unauthorized charges.
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success! All Cybercrime and Hacking White Papers | Webcasts