P.F. Chang’s Breach, and Krebs on “What Do Hackers Want?”


P.F. Chang’s Breach, and Krebs on “What Do Hackers Want?”

Tracking the Breach Source: Krebs on Security

It’s good to keep an eye on the “Krebs on Security” website, where much of the recent all-too-spectacular news about data breaches gets broken, and later analyzed here is were we want to understand hackers want. This week, Brian Krebs is reporting on the latest retail breach, coming from the chain of P.F. Chang’s China Bistro restaurant (if you’ve eaten at one lately, doublecheck your plastic!)

The Mechanics of the Breach

Although the breach news might sound repetitive now, it’s essential to understand how these thefts typically occur. Thieves commonly hack into cash registers at retail locations and install malicious software. This software covertly captures mag stripe data as customers swipe their cards. Krebs points out that this method has caused many of the notable recent breaches, including those at Target, Neiman-Marcus, Michaels, and, most recently, Sally Beauty stores.

The Aftermath of a Data Breach

The exact number of affected PF Chang’s customers remains uncertain. However, the breach came to light when hackers and data thieves put the stolen card information up for sale on a prominent online “store.”

Data Thieves and Their Trade

Discussing the sale, Krebs provides insight into the operations of data thieves. They don’t sell actual cards but rather the data from the magnetic stripes on the card backs. With this information in hand, these criminals can transfer the data onto counterfeit cards. They then use these fake cards to purchase high-value items from major retailers, which they swiftly resell for cash.

The Motive Behind Data Theft

Typically, thieves don’t use the stolen information for personal expenses like road trips or extended shopping sprees. They understand their opportunity is limited, and their “window” may soon close. Instead, they quickly convert the stolen data into tangible goods, which they can then easily convert into cash.

The Value of Stolen Data

As Krebs notes, “the cards range in price from $18 to $140 per card. Many factors can influence the price of an individual card, such as whether the card is a Visa or American Express card; similarly, Platinum and Business cards tend to fetch far higher prices than Classic and Standard cards.”

Protecting Your Business Data

Do all you can to protect that data, whether its at Point-of-Sale or anywhere else where it’s journeying in pixel and digital form. Make sure all your devices are up-to-date, and call your AVPS rep to learn when and how you can update, whether you’re using mobile processing, or taking orders online.

The Importance of Data Security

After all, your information, and that of your customers, is valuable stuff. Even — or especially — if it hasn’t been hacked or pilfered. Yet.