P.F. Chang’s Breach, and Krebs on “What Do Hackers Want?”

It’s good to keep an eye on the “Krebs on Security” website, where much of the recent all-too-spectacular news about data breaches gets broken, and later analyzed. This week, Brian Krebs is reporting on the latest retail breach, coming from the P.F. Chang’s China Bistro restaurant chain (if you’ve eaten at one lately, double-check your plastic!).

News of the breach itself may be all too familiar at this point: “The most common way that thieves steal this type of card data is by hacking into cash registers at retail locations and planting malicious software that surreptitiously records mag stripe data when cards are swiped through the machines,” Krebs notes, recounting that most of the recent headline-making breaches were done this way, at Target, Neiman Marcus, Michaels, and more recently, the chain of Sally Beauty stores.

No one knows yet how many P.F. Chang’s customers’ cards were affected, but the breach became known when information from the pilfered cards was offered up for sale at a well-known online “store” for hackers and data-snatchers.

In talking about the sale, Krebs lets us glimpse how the world of data thieves works: “The items for sale are not cards, per se, but instead data copied from the magnetic stripe on the backs of credit cards. Armed with this information, thieves can re-encode the data onto new plastic and then use the counterfeit cards to buy high-priced items at big box stores, goods that can be quickly resold for cash.”

So the information isn’t used, in most cases, to fund road trips or an ongoing series of purchases: data-snatchers know that their “window” will usually close before that. What they try to do instead is take the stolen information and turn it into “tangible goods,” as it were, which can then be turned into hard money.

But not all stolen data is created equal. As Krebs notes, “the cards range in price from $18 to $140 per card. Many factors can influence the price of an individual card, such as whether the card is a Visa or American Express card; similarly, Platinum and Business cards tend to fetch far higher prices than Classic and Standard cards.”

So the more “perqs” the stolen data comes with, or more to the point, the higher the line of credit (and thus, the pricier — or just “more of” — those “tangible goods”), the more desirable the information.

Do all you can to protect that data, whether it’s at Point-of-Sale or anywhere else where it’s journeying in pixel and digital form. Make sure all your devices are up-to-date, and call your AVPS rep to learn when and how you can update, whether you’re using mobile processing, or taking orders online.

After all, your information, and that of your customers, is valuable stuff. Even — or especially — if it hasn’t been hacked or pilfered. Yet.

