Categories: CyberCrimeSecurity

Sonic Drive-In Data Breach Potentially Exposes 5m Customer Credit Cards

A data breach of the payment system belonging to US fast-food chain Sonic Drive-In may have resulted in up to five million customers having their credit card details stolen.

With stores at 3.600 locations across 45 US states, Sonic Drive-In has a significant customer base and thus a treasure trove of data, which according to security expert Brian Krebs, is potentially being sold in a fire sale in “shadowy underground cyber crime stores”.

The data breach, which appears to be ongoing, first showed its signs at an Oklahoma City-based Sonic Drive-In last week, with Krebs noting that sources had told him about a number of fraudulent transactions  cropping up on cards that had previously been used st the fast-food joints.

Sonic Drive-In did inform Krebs about the security breach and said that the company that processes its credit card transactions spotted “unusual security regarding credit cards being used at Sonic”.

Cyber crime pays

Given Sonic Drive-In uses a single point-of-sale system across all its stores, the data breach has the potential to affect all of them and the customers that have made credit card payment in them.

“We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor,” Sonic Drive-In said in a statement to Krebs. “While law enforcement limits the information we can share, we will communicate additional information as we are able.”

Loading ...

The stolen details are now being sold in a cyber thief’s online bazaar called Joker’s Stash, though Krebs said it is unclear if all the details are from the Sonic Drive-In breach or include those swiped from other companies.

One of the reasons this breach is particularly nasty is due to many companies across the US being slow to adopt more secure chip and PIN systems rather then rely on legacy magnetic card readers and signatures that allow for criminals to more easily clone cards and steal data.

Breaches of financial and personal details are becoming more common place yet are also exacting a greater toll on companies that fail to combat them, as seen with the Equifax data breach which has seen the company’s chief executive resign his post.

Do you know all about security in 2017? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Twitter To Hide Tweets That Share False Information During A Crisis

Potentially risking Elon's wrath over free speech, Twitter says it will hide tweets spreading misinformation…

12 hours ago

Boeing Starliner Test Flight Readied For Tonight

Third time the charm? Main rival to SpaceX's Dragon capsule, the embattled Boeing Starliner spacecraft,…

13 hours ago

September 13 Slated For iPhone 14 Launch – Report

No surprise there. Apple is slated to launch the iPhone 14 on 13 September according…

16 hours ago

Texas Social Media Law Battle Heads To Supreme Court

Battle between Texas and social networking giants reaches US Supreme Court, and it could decide…

16 hours ago

UK Can Legally Launch Cyberattacks Against Hostile Nations, Says AG

Chief legal advisor to government says UK can legally launch cyberattacks against hostile nations, and…

20 hours ago