With 3,500 locations in 45 states across the US, fast-food chain Sonic Drive-In confirmed falling victim to a data breach that exposed customer credit and debit card numbers. The company was informed about a potential data breach by its credit card processor, after detecting a pattern in a number of fraudulent transactions.
The company hasn’t revealed the exact number of hacked cards, but security researcher Brian Krebs first reported that he came across millions of card numbers for sale on a dark web marketplace called Joker’s Stash, including some that had been recently used at a number of Sonic locations.
Following the investigation, Krebs informed the fast-food chain that the data was for sale on the dark web.
“Our credit card processor informed us last week of unusual activity regarding credit cards used at SONIC,” Sonic said for KrebsOnSecurity. “The security of our guests’ information is very important to SONIC. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”
Sonic was probably not the only restaurant targeted by hackers. Last year, fast-food chain Wendy’s also dealt with a breach that affected over 300 restaurants.