Sonic Drive-In customers should check their bank and credit card statements immediately. Why? Because when you snarfed down that $3 cheeseburger and onion rings last week, you might have unknowingly had your credit or debit card number breached.
The fast-food chain admitted a breach affected payment systems at an undisclosed number of restaurants. There are nearly 3,600 locations across 45 U.S. states, according to Sonic’s website. As of now, it doesn’t sound like the breach is contained, so you should likely stick to using cash when eating at this particular chain. And even if you don’t see any suspicious charges yet, you should keep a close watch.
Krebs on Security, which broke the news of the breach, said the ongoing breach “may have led to a fire sale of millions of stolen credit and debit card accounts that are now being peddled in shadowy underground cybercrime stores.”
Five million credit and debit card numbers were put up for sale on Sept. 18 on the dark web, though it’s unclear if all 5 million are from this particular breach.
As of Sept. 27, 2017, the fast-food chain had not issued a statement on its website, though it did release a statement to KrebsOnSecurity.
“Our credit card processor informed us last week of unusual activity regarding credit cards used at SONIC,” reads a statement the company issued to KrebsOnSecurity. “The security of our guests’ information is very important to SONIC. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”
The card numbers are selling for between $25 and $50 online. They are indexed by city, state and ZIP code.
“This geographic specificity allows potential buyers to purchase only cards that were stolen from Sonic customers who live near them, thus avoiding a common anti-fraud defense in which a financial institution might block out-of-state transactions from a known compromised card,” Krebs writes.
LibertyID provides expert, full service, fully managed identity theft restoration to individuals, couples, extended families* and businesses. LibertyID has a 100% success rate in resolving all forms of identity fraud on behalf of our subscribers.
*Extended families – primary individual, their spouse/partner, both sets of parents (including those that have been deceased for up to a year), and all children under the age of 25
Are You Covered For Identity Theft?
Photo Credit: Sonic drive-in, Lars Plougmann, Creative Commons Attribution-ShareAlike 2.0