Security Blogger Brian Krebs, who last year revealed the Target data breach, reported that P.F. Chang's locations in Florida, Maryland, New Jersey, Pennsylvania, Nevada and North Carolina had been compromised between the end of March and May 19.
Krebs also said that the credit card information was being sold on website rescatir.so for $18 to $40 per card, a site that was favored by the Target hackers as well.
P.F. Chang's confirmed the existence of a breach but said it was investigating the issue.
"P.F. Chang's takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more," the statement said. "We will provide an update as soon as we have additional information."
Banks contacted by Krebs had confirmed that the stolen cards had been used P.F. Chang's locations in the United States between March and May.
In a similar case, 40 million credit card and debit cards of Target shoppers were hacked during the holiday season and sold on the Internet.
The P.F. Chang's breach shows that hackers are not averse to hacking smaller companies, which is more difficult. Larger companies, like Target, are easier to hack as there are more entry points to gain electronic access.
"The items for sale are not cards, per se, but instead data copied from the magnetic stripe on the backs of credit cards," Krebs wrote. "The most common way that thieves steal this type of card data is by hacking into cash registers at retail locations and planting malicious software."