P.F. Chang's China Bistro said Wednesday it is investigating a report of a possible data breach involving credit and debit card data that may have been stolen from its restaurant locations nationwide.
The report came from cybersecurity blogger Brian Krebs, who has uncovered previous data breaches at retailers such as Target.
His website, KrebsOnSecurity, said customer data from thousands of credit and debit cards previously used at P.F. Chang's restaurants went up for sale on an underground store best known for selling data from tens of millions of cards stolen in the Target breach.
Krebs reported he contacted banking sources who said the cards had been used at P.F. Chang's locations between the beginning of March 2014 and May 19, 2014.
Anne Deanovic, a spokeswoman for the Scottsdale, Ariz.-restaurant chain, said Wednesday morning that "P.F. Chang's takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more. We will provide an update as soon as we have additional information."
KrebsOnSecurity.com said the most common way that thieves steal this type of card data is by hacking into cash registers at retail locations and "planting malicious software that surreptitiously records mag stripe data when cards are swiped through the machines."
Once they get the data, thieves can re-encode it onto new counterfeit cards and use them to buy expensive goods that can be resold for cash, KrebsOnSecurity reported.
"The breaches at Target, Neiman Marcus, Michaels and Sally Beauty all were powered by malware that thieves planted on point-of-sale systems," it said.