Categories: CyberCrimeSecurity

Sonic Drive-In Data Breach Potentially Exposes 5m Customer Credit Cards

A data breach of the payment system belonging to US fast-food chain Sonic Drive-In may have resulted in up to five million customers having their credit card details stolen.

With stores at 3.600 locations across 45 US states, Sonic Drive-In has a significant customer base and thus a treasure trove of data, which according to security expert Brian Krebs, is potentially being sold in a fire sale in “shadowy underground cyber crime stores”.

The data breach, which appears to be ongoing, first showed its signs at an Oklahoma City-based Sonic Drive-In last week, with Krebs noting that sources had told him about a number of fraudulent transactions  cropping up on cards that had previously been used st the fast-food joints.

Sonic Drive-In did inform Krebs about the security breach and said that the company that processes its credit card transactions spotted “unusual security regarding credit cards being used at Sonic”.

Cyber crime pays

Given Sonic Drive-In uses a single point-of-sale system across all its stores, the data breach has the potential to affect all of them and the customers that have made credit card payment in them.

“We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor,” Sonic Drive-In said in a statement to Krebs. “While law enforcement limits the information we can share, we will communicate additional information as we are able.”

Loading ...

The stolen details are now being sold in a cyber thief’s online bazaar called Joker’s Stash, though Krebs said it is unclear if all the details are from the Sonic Drive-In breach or include those swiped from other companies.

One of the reasons this breach is particularly nasty is due to many companies across the US being slow to adopt more secure chip and PIN systems rather then rely on legacy magnetic card readers and signatures that allow for criminals to more easily clone cards and steal data.

Breaches of financial and personal details are becoming more common place yet are also exacting a greater toll on companies that fail to combat them, as seen with the Equifax data breach which has seen the company’s chief executive resign his post.

Do you know all about security in 2017? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Amazon Workers In North Carolina To Vote On Unionisation

E-commerce giant faces another unionisation move, with workers at North Carolina warehouse set to vote…

1 day ago

Blue Origin Preps New Glenn Rocket For Sunday Launch

Jeff Bozos challenge to SpaceX's Falcon-9 heavy lift rocket, the New Glenn rocket, to make…

1 day ago

Google Donates $1 Million To Donald Trump Inauguration Fund

Bending the knee continues from the tech industry, as Alphabet's Google becomes latest to make…

2 days ago

Microsoft Confirms Job Cuts Based On Performance

Software and cloud giant Microsoft confirms it is cutting a small percentage of jobs across…

2 days ago