Sonic Drive-In Acknowledges Potential Data Breach
Sonic Drive-In may have suffered a data breach at an unknown number of locations. The fast food chain has nearly 3,600 restaurants in 45 states.
KrebsOnSecurity first learned about the breach last week. Multiple financial institutions found fraudulent transactions on credit or debit cards that had been used at Sonic.
Krebs pointed the banks to a recent set of card numbers that had been put up for sale on September 18. The banks agreed to purchase a small batch of cards for verification purposes, and found all the cards in their batch had been used at Sonic locations. The card information is currently selling for $25 to $50 per card, which is higher than most data collected during a breach. The increased price is because the card numbers are “fresh” and thus more likely to still be active.
Krebs contacted Sonic shortly after this discovery, and the company said they “immediately engaged third-party forensic experts and law enforcement” to investigate the matter. They are also working with their card processor to find the source of the potential breach. Christi Woodworth, Sonic’s vice president of public relations, said they are still in the early stages of the investigation, which is why they are not sure how many restaurants were affected.