Last week, when word first came out about the security breach at P. F. Chang's, the company confirmed that hackers had successfully stolen customers' credit and debit card data, but the time and extent of the breach was not known.
Chang's still has not come forth with more details, but according to security blogger Brian Krebs, new information from various card-issuing banks suggests that the breach started on or around Sept. 18, 2013, and continued through until June 11, the day after the U.S. Secret Service first told Chang's about the breach.
It's still not known exactly how many customers were affected, but Krebs said:
Assuming the breach affected all 211 P.F. Chang’s locations in the United States (a safe assumption since P.F. Chang’s recently switched to manual “knucklebuster” carbon-copy card imprinters at all locations), the nine-month breach is likely to have impacted more than 7 million cards.
If you have eaten at a P. F. Chang's and paid via debit or credit card anytime between last September and last week, be warned: there's a high risk your information is currently in the hands of whoever hacked into Chang's. Keep a sharper-than-usual eye on your accounts, and it might be a good idea to just go ahead and get new numbers on those accounts now, rather than wait to see if some hacker uses them to profit at your expense.