Sonic Drive-In is the latest retailer impacted by a data breach

Business / Security / Tech
Sonic Drive

Krebs on Security says this ongoing breach could be linked to a fire sale of millions of credit and debit card accounts.

Image Courtesy Robert Warren

If you’re a lover of the Sonic Drive-In, you should be informed that the company has acknowledged a data breach. The Sonic Drive-In data breach affects an unknown number of point of sale (POS) systems. KrebsonSecurity says this ongoing breach could be linked to a fire sale of millions of credit and debit card accounts. Krebs (a well-known information security website) first learned of the situation from multiple banks who seen a pattern of fraudulent charges from cards used at Sonic Drive-In.

I (Brian Krebs) directed several of these banking industry sources to have a look at a brand new batch of some five million credit and debit card accounts that were first put up for sale on Sept. 18 in a credit card theft bazaar previously featured here called Joker’s Stash:

Sonic Drive

This batch of some five million cards put up for sale today (Sept. 26, 2017) on the popular carding site Joker’s Stash has been tied to a breach at Sonic Drive-In. The first batch of these cards appear to have been uploaded for sale on Sept. 15.
Courtesy Krebs on Security

Sure enough, two sources who agreed to purchase a handful of cards from that batch of accounts on sale at Joker’s discovered they all had been recently used at Sonic locations.

Now that Krebs had enough data that pointed to a potential problem, he approached Sonic to inquire. The company was as forthcoming as they could be, issuing this statement to Krebs:

“Our credit card processor informed us last week of unusual activity regarding credit cards used at SONIC,” reads a statement the company issued to KrebsOnSecurity. “The security of our guests’ information is very important to SONIC. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”

KrebsonSecurity goes into more detail on their website, so be sure to check out the source link below. It seems like the better way to pay these days could be good old-fashioned cash.

What do you think about this data breach? Do you eat at Sonic? Are you concerned? Let us know what you think in the comments below, or on Google+, Twitter, or Facebook.

  Source: KrebsonSecurity
Comments
To Top