Sonic Drive-In customers should check their bank and credit card statements immediately. Why? Because when you snarfed down that $3 cheeseburger and onion rings last week, you might have unknowingly had your credit or debit card number breached.
The fast-food chain admitted a breach affected payment systems at an undisclosed number of restaurants. There are nearly 3,600 locations across 45 U.S. states, according to Sonic’s website. As of now, it doesn’t sound like the breach is contained, so you should likely stick to using cash when eating at this particular chain. And even if you don’t see any suspicious charges yet, you should keep a close watch.
Krebs on Security, which broke the news of the breach, said the ongoing breach “may have led to a fire sale of millions of stolen credit and debit card accounts that are now being peddled in shadowy underground cybercrime stores.”
Five million credit and debit card numbers were put up for sale on Sept. 18 on the dark web, though it’s unclear if all 5 million are from this particular breach.
As of Sept. 27, 2017, the fast-food chain had not issued a statement on its website, though it did release a statement to KrebsOnSecurity.
“Our credit card processor informed us last week of unusual activity regarding credit cards used at SONIC,” reads a statement the company issued to KrebsOnSecurity. “The security of our guests’ information is very important to SONIC. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”
The card numbers are selling for between $25 and $50 online. They are indexed by city, state and ZIP code.
“This geographic specificity allows potential buyers to purchase only cards that were stolen from Sonic customers who live near them, thus avoiding a common anti-fraud defense in which a financial institution might block out-of-state transactions from a known compromised card,” Krebs writes.LibertyID is the AAA of identity theft protection, offering the most effective identity theft restoration and protection service. Sign up for an annual subscription and rest easy knowing that if your identity is stolen, we will fix it. There’s no limit to the time or money we will spend restoring your identity to pre-event status. A certified restoration specialist will handle all of the legwork and keep you informed with regular status updates. But just like with AAA, you have to be covered before there’s an accident.
Are You Covered For Identity Theft?
Photo Credit: Sonic drive-in, Lars Plougmann, Creative Commons Attribution-ShareAlike 2.0