Security & Fraud

Uh-Oh. Looks Like Sonic Has Been Breached (And Millions Of Cards, Too)

Here we go again.

It looks like Sonic Drive-In has been breached — and possibly in a pretty big way. Sonic, at present, is at 3,600 locations across 45 U.S. states, and while the fast food chain has acknowledged the breach itself, it remains unsure just how many store payment systems have been affected.

It does seem, according to reports from KrebsOnSecurity, that the breach has yielded a “fire sale” for stolen credit and debit card accounts on the dark web.

The first sign that a big breach had happened started last week in the Oklahoma city area, as reports started rolling out from financial institutions that they were seeing a wave of bad card transactions held together by a single commonality — they’d all been used at a Sonic recently.

Those stolen cards popped up in a dark web bazaar called Joker’s Stash, and there were five million new cards on offer to purchase. At this time, however, it remains unclear whether Sonic is the only company whose customers’ cards are being sold on Joker’s Stash, or if (as reports indicated) those cards are being mixed in with those stolen from other eatery brands that may be compromised by the same attackers.

Shortly after, Sonic confirmed the breach. Christi Woodworth, vice president of public relations at Sonic, noted the investigation is in its early stages, and at this time they are unsure how many locations have been hit.

“Our credit card processor informed us last week of unusual activity regarding credit cards used at Sonic,” reads a statement the company issued to KrebsOnSecurity. “The security of our guests’ information is very important to Sonic. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”

 

According to a report from Reuters on Wednesday (Oct. 4), Sonic Drive-In believes a malware attack at a handful of its fast food locations may have been the reason hackers were able to gain access to customers’ debit and credit card information. It is still unknown how many point-of-sale systems at its brick-and-mortar locations across 45 U.S. states were affected.

Sonic Drive-In stocks took a 2 percent dive to $24.73 in afternoon trading following the news. The company is currently offering free identity theft protection as a result of the data breach.

——————————

NEW PYMNTS DATA: HOW WE SHOP – SEPTEMBER 2020 

The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.

TRENDING RIGHT NOW