
P.F. Chang’s Breach Likely Began in Sept. 2013  - wglb
http://krebsonsecurity.com/2014/06/p-f-changs-breach-likely-began-in-sept-2013/
======
vcherubini
I want to know an explanation of why credit card data was stored. Is this
standard? Shouldn't they only need it long enough to process the transaction -
there's no reason to store it, correct?

Was the data stolen in transit (should be entirely encrypted) or stolen while
at rest?

~~~
nandhp
Is there any evidence the transaction was stored, except insofar as storage
was necessary to carry out the heist? The credit card data could have been
intercepted while being input (e.g. by a keylogger).

------
ryguytilidie
One of the things that bothers me most about all these breaches is that I
can't think of a single reason for many of these companies to store the data,
yet they do it, presumably to make some sort of additional profit. Then, when
they lose/have that data stolen, its just an "oops! we're doing our best to
fix it". Maybe some of these companies can just stop collecting/storing this
data if they can't do it securely?

------
coldcode
Has anyone yet described exactly how the breach was accomplished? Or as usual
no details come out?

------
Alupis
Dang nabbit! I love eating here.

~~~
sscalia
You enjoy eating at PF Changs China Bistro? Really?

Do you also enjoy The Olive Garden?

~~~
recursive
Don't act so surprised. Plenty of people do. They stay in business from the
money they get from people who want to eat there.

