P.F. Chang's China Bistro said Wednesday it is investigating a report of a possible data breach involving credit and debit card data that may have been stolen from its restaurant locations nationwide.

The report came from cybersecurity blogger Brian Krebs, who has uncovered previous data breaches at retailers such as Target.

His website, KrebsOnSecurity, said customer data from thousands of credit and debit cards previously used at P.F. Chang's restaurants went up for sale on an underground store best known for selling data from tens of millions of cards stolen in the Target breach.

http://www.usatoday.com/story/money/bus ... /10318193/

...and the hits keep coming.

I have the cure for these data breaches.

CASH

I have the cure for these data breaches.

CASH

Steve, I have found myself paying cash much more frequently than I had in the past....As much as anything else, I do so because I don't like my credit card out of my sight while in the hands of someone whom I neither know or trust.

Question I have...is there some legal reason that they keep this info around? I realize it needs to be kept for a while in case of disputes or whatever, but do most places delete it after 90 days or so or is it kept forever?

Edit: And, as a follow up, does the whole number even need to be kept for that reason, or just some subset?

Ideally they would truncate or hash the card number and not store it unless absolutely necessary, along with no other identifiable card stuff like cvv or expiration or the like, but if the point of sale system/server itself is compromised then it doesn't really matter at all.

Checking for updates on Krebs security site, it looks like they're going over to oldschool manual imprinter card thingies, hope they safely dispose of the paper copies or they're just going to have an even bigger mess.

I know credit card breaches tend to get most of the press, but I'd be more worried about compromised bank and/or financial accounts. You can monitor your credit card statements monthly and very easily limit your liability.

I only have 1 credit card with a limited (very limited) ceiling on it I use ONLY for on line purchases. Everything else is cash. My life is so much easier.

You're going to see this from most of the restaurants that use this same card swiping manufacturer. There's plenty of info on the darker parts of the net about how the machines themselves are compromised

Edit: Compromised _at the manufacturer level_.