P.F. Chang’s Breach Highlights Need for Better Enterprise Security


Popular restaurant P.F. Chang’s China Bistro is making headlines for all the wrong reasons — instead of being lauded for its food or customer service, it’s in the spotlight due to a data breach.

The company found out about the attack nearly a month ago, according to an announcement from CEO Rick Federico. But unlike many business data breaches, which are discovered by the business itself, the news of the P.F. Chang’s malicious incursion was delivered to the company by none other than the United States Secret Service. The security organization immediately indicated to P.F. Chang’s that the attack was of an extremely serious nature.

The repercussions of this incident for the restaurant chain point to the vital importance of having the most robust enterprise security measures possible in place for your organization. Indeed, because it failed to prevent this breach, P.F. Chang’s is now faced with some major challenges.

First, because the intrusion could have compromised customers at China Bistro, P.F. Chang’s is having to temporarily transition to a manual credit card system at its restaurants. Anyone who’s had to deal with manual card imprinting before knows what a time-consuming (not to mention paper-eating) process it can be. Yet P.F. Chang’s will have to do this since the safety of its customers’ payment information is in jeopardy.

Second, the company is likely going to be bogged down by the breach investigation for the foreseeable future, and its involvement will cost time and money. This is money that could have been spent enhancing the business, but instead is going to be funneled into recovering from something that could have been prevented with more rigorous enterprise security.

Finally, and most significantly, as a result of the breach, P.F. Chang’s is having to deal with an understandable loss of customer trust. To counter any skepticism on the part of customers, the restaurant chain seems to be taking the path of complete transparency, which is a decidedly good move in the wake of an episode like this.

“Because we are still in the preliminary stages of our investigation, we encourage our guests to be vigilant about checking their credit card and bank statements,” Federico said in his statement to customers. “Any suspected fraudulent activity should be immediately reported to their card company.”

With Better Security Standards, Incidents Like This Can Be Prevented
Reading about P.F. Chang’s should provide all the incentive that administrators and IT staff members need to set in place the strongest security standards possible for their business. To that end, a recent piece in eWeek highlighted some notable facts about data protection for corporate IT teams. Here are some of the main takeaways:

  • Company data is not just in the company anymore. There was a time when a company’s entire informational base was located within its physical office site. But with the proliferation of BYOD policies and the increasing deployment of mobile workforces, that is no longer the case. Given the fact that enterprise access can be dispersed across a sphere beyond just the office, companies need to take this into account and implement more comprehensive security accordingly.
  • The security burden shouldn’t lie with IT alone. Maybe 10 years ago a business could get away with relegating all its security work to the IT guys, but times have changed and in a world fraught with security threats, it’s imperative that everyone in an enterprise — from executive leadership all the way down the line — is equipped with the tools and the wherewithal to practice strong security. Making security a consistent topic at business meetings is a good way to ensure this topic gets the airtime it deserves.
