OKLAHOMA CITY – Fast-food chain Sonic Drive-In is investigating a possible data breach that may have impacted millions of credit and debit cards used at its drive-ins.
Officials with Sonic Drive-In, a fast food chain with nearly 3,600 locations, said this week they had been notified of “unusual activity” regarding credit and debit cards used at Sonic.
“The ongoing breach may have led to a fire sale on millions of stolen credit and debit card accounts that are now being peddled in shadowy underground cybercrime stores,” according to KrebsOnSecurity, which first reported the possible breach.
Sonic Drive-In confirmed to KrebsOnSecurity that the company is investigating “a potential incident” at some Sonic locations.
“Our credit card processor informed us last week of unusual activity regarding credit cards used at SONIC,” reads a statement the company issued to KrebsOnSecurity. “The security of our guests’ information is very important to SONIC. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”
At this time, the company does not know how many or which of its stores may have been impacted.
— Jessica Bruno (@JbrunoKFOR) September 27, 2017