A recent data breach that struck noted Chinese restaurant chain PF Chang’s resulted in the loss of sensitive customer financial information, including credit card numbers. Now, some of the numbers are on sale, with one site accepting bitcoin as payment for the stolen card information.
Founded in 1993, PF Chang’s operates more than 200 restaurants in Argentina, Canada, Chile, Mexico, the Middle East and the US, and boasts a casual dining atmosphere and Asian-style cuisine.
Krebs On Security reports that a batch of credit cards purportedly tied to the PF Chang’s breach first became available for sale on 9th June. The website, Rescator, has previously been the site for credit card sales stemming from other high-profile data breaches, including the ones that struck retailers Target and Neiman Marcus.
The digital security site said:
“The shop accepts payment via bitcoin (for hopefully obvious reasons, customers cannot pay for the goods using credit cards).”
Data for sale
The batch of credit cards, dubbed ‘Ronald Reagan’, boasts a valid number rate of 100%, with payments being available via Western Union, MoneyGram and bitcoin. Krebs reported that the price of each card number ranged from $18 to $140.
The report added that many of the cards may still be functioning, given the fact that the breach was only discovered in the past few weeks, saying:
“It seems likely that PF Chang’s only learned of this breach very recently. The cards sold under the Ronald Reagan base are advertised at ‘100 percent valid’, meaning that fraudsters can expect all of the cards they purchase to have not yet been canceled by the issuing banks.”
Currency of choice
By accepting bitcoin, the illicit seller is no doubt attempting to tap into digital currency’s anonymous transaction capabilities and favorability among black market users. It’s not clear whether any numbers have actually been bought with bitcoin since they became available earlier this week, however, the seller isn’t the first to try and draw in bitcoin purchases on fraudulent goods and services.
In May, digital commerce giant eBay was the victim of a cyberattack that targeted its databases. Shortly after the news came to light, an unidentified person attempted to sell what they claimed were the database’s contents for bitcoin.
At the time, eBay denied that the purported database information was authentic.
Asian food via Shutterestock