If you've eaten at a P. F. Chang's restaurant and paid with credit or debit card, be warned: hackers have breached the database of at least some restaurants in the chain, and your confidential financial data might be at risk.
On June 12, P.F. Chang's posted a “Security compromise update” on its security page, starting with a statement by CEO Rick Frederico:
On Tuesday, June 10, P.F. Chang's learned of a security compromise that involves credit and debit card data reportedly stolen from some of our restaurants. Immediately, we initiated an investigation with the United States Secret Service and a team of third-party forensics experts to understand the nature and scope of the incident, and while the investigation is still ongoing, we have concluded that data has been compromised.
The statement goes on to say that Chang's has installed a manual credit card imprinting system in all restaurants in the continental U.S., so customers who still want to pay with credit or debit cards rather than cash can do so, if they wish.
Who told whom?
That bit about Chang's learning of the security compromise and initiating an investigation with the Secret Service might give the impression that Chang's discovered the breach and then contacted the Secret Service people. Actually it was the opposite, as explained in the nine question-and-answer combos listed after Frederico's statement:
2. WHEN DID P.F. Chang's DISCOVER THIS INCIDENT?
The United States Secret Services alerted P.F. Chang's to this incident on June 10, 2014.
4. WHAT INFORMATION WAS EXPOSED?
According to the United States Secret Service, credit card and debit card numbers that have been used at P.F. Chang's are involved.
Sometimes, when security breaches like this are discovered, they're limited to a specific time frame — it started on this date and ended on that date, so the damage is limited to customers who patronized the business within that range. Unfortunately, no such time limits have been determined for the Chang's breach yet:
8. HOW DO I KNOW IF MY CARD WAS INVOLVED OR SHOULD BE CANCELLED?
Because we are still in the preliminary stages of our investigation, we do not yet know which credit or debit cards may be involved. P.F. Chang's has notified the credit card companies and is working with them to identify the affected cards. We encourage you to monitor your accounts and to report any suspected fraudulent activity to your card company.
How far back into the past does this go—should you worry if you ate at a Chang's last month? Last year? A couple years back? That's not known at this point.