The recently-announced credit card breach at P.F. Chang’s Chinese Bistro appears to have gone on for at least nine months: New information indicates that the breach at the nationwide restaurant chain began on or around Sept. 18, 2013, and didn’t end until June 11, one day after KrebsOnSecurity.com broke the news about the break-in.
Whenever there is a data breach that jeopardizes credit card accounts, Visa, MasterCard and the other card associations typically issue private Compromised Account Management System (CAMS) alerts to banks that issue their cards. The purpose of those CAMS alerts is to notify those institutions of specific cards thought to have been affected in a breach, so that institutions can re-issue the cards or otherwise take additional steps to manage the fraud exposure on those accounts.
On June 17, Visa issued a new CAMS alert to one of the banks that I worked with in reporting out the P.F. Chang’s story, letting them know that they had many hundreds of cards exposed in a recent breach that dated back to Sept. 18, 2013. That bank had purchased more than a dozen cards sold from an underground store that’s been exclusively selling cards stolen in the P.F. Chang’s break-in, and every one of those cards was listed on the June 17 CAMS alert from Visa. Continue reading →