Sonic Drive-In Acknowledges Potential Data Breach

September 27, 2017, Written By Lynn Oldshue
Sonic Drive-In Acknowledges Potential Data Breach

Sonic Drive-In may have suffered a data breach at an unknown number of locations. The fast food chain has nearly 3,600 restaurants in 45 states.

KrebsOnSecurity first learned about the breach last week. Multiple financial institutions found fraudulent transactions on credit or debit cards that had been used at Sonic.

Krebs pointed the banks to a recent set of card numbers that had been put up for sale on September 18. The banks agreed to purchase a small batch of cards for verification purposes, and found all the cards in their batch had been used at Sonic locations. The card information is currently selling for $25 to $50 per card, which is higher than most data collected during a breach. The increased price is because the card numbers are “fresh” and thus more likely to still be active.

Krebs contacted Sonic shortly after this discovery, and the company said they “immediately engaged third-party forensic experts and law enforcement” to investigate the matter. They are also working with their card processor to find the source of the potential breach. Christi Woodworth, Sonic’s vice president of public relations, said they are still in the early stages of the investigation, which is why they are not sure how many restaurants were affected.

The information contained within this article was accurate as of September 27, 2017. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.

About Lynn Oldshue

Lynn Oldshue has written personal finance stories for for twelve years. She majored in public relations at Mississippi State University.
View all posts by Lynn Oldshue