Restaurant chain P.F. Chang's released a bunch of new details on Monday about the data breach it experienced earlier this year. It has located 33 possible locations where it believes certain credit and debit card data may have been compromised and it knows more about what kind of information may have been lifted from those cards.
Until now, not much was known about the breach except that it occurred sometime between March and May 19 and customer credit card numbers had popped up for sale on the Internet black market.
While the investigation is still ongoing and it's unclear who committed the attack or its origins, P.F. Chang's said Monday that the breach has been "contained" and it's been processing credit and debit card data securely at all locations since June 11, 2014.
The chain has not yet determined if any specific individual's data was stolen during the breach, but it has been able to isolate the breach to 33 locations and specific time frames.
"The potentially stolen credit and debit card data includes the card number and in some cases also the cardholder's name and/or the card's expiration date," said P.F. Chang's CEO Rick Federico in a statement. "However, we have not determined that any specific cardholder's credit or debit card data was stolen by the intruder."
All of the restaurant locations were in the continental US, including Arizona, California, Pennsylvania, Tennessee, Ohio, and several other states. The chain is giving all potentially affected users free identity protection services from either Equifax, Experian, or TransUnion.
The hack into P.F. Chang's card processing systems came amid an apparent uptick in security breaches at retail locations. Retail giant Target revealed in December that hackers obtained credit card data for more than 110 million customers who shopped in its stores late last year. And, over the past few months, arts and crafts retail chain Michaels Stores and department store Neiman Marcus revealed they were victims of security breaches aimed at stealing customer's credit card information.