After breaking news of a breach potentially impacting seven million-plus customers of P.F. Chang's Chinese Bistro, technology writer Brian Krebs followed up on Wednesday with news that the exposure appears to have gone on for nine months – beginning in September 2013 until his report appeared June 11.
The incursion was likely a point-of-sale compromise as, Krebs explained, card data was copied from the magnetic stripes on the backs of cards, indicating it was stolen in malware attacks on registers throughout the restaurant chain's 211 locations.
While Krebs said a black market website has been selling the card data, alerts have gone out from the card brands to the banks issuing their cards. As well, Rick Federico, P.F. Chang's CEO, issued a statement that the chain is working with the U.S. Secret Service and forensics experts to investigate the breach.