Sonic Drive-In Hit by Massive Credit Card Breach
Consumers worried about the safety of their credit reports or credit card information aren't getting a lot of good news lately. After Equifax announced that it had been hacked and that nearly half of the US's population credit info and social security numbers may have been at risk of being stolen, Sonic Drive-In is now saying that it may have a serious security breach on its hands.
The fast food chain said that its credit card processing company reported "unusual activity" on a large number of cards that had recently been used at Sonic. A Sonic spokeswoman told the CyberSecurity blog Krebs on Security that it has launched an investigation into the matter and that the company isn't sure how many locations were affected.
Krebs said "the ongoing breach may have led to a fire sale on millions of stolen credit and debit card accounts that are now being peddled in shadowy underground cybercrime stores."
Sonic has a large presence in the US, with almost 3,500 locations in 45 states.
The Wall Street Journal says it could be months before more information is available to the public, because only two states require companies to disclose details about security breaches. These laws have been "largely ineffective in getting companies to be forthcoming with information," the Journal added.
The last security breach like this happened to Wendy's in 2016, according to Krebs, and lasted for nine months, affecting 300 restaurants. It took so long to resolve because many of Wendy's locations are franchises — and about 90% of Sonic locations are franchises as well.