Sonic Drive-In

Sonic Drive-In, a restaurant chain with locations in 45 US states, has acknowledged a breach impacting an unknown number of payment systems and customer payment accounts. In a statement to KrebsOnSecurity, Sonic stated, “Our credit card processor informed us last week of unusual activity regarding credit cards used at Sonic. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.” Sonic also indicated the investigation is still in its early stages, and the company does not know how many or which of its stores were affected. KrebsOnSecurity reported that credit card information obtained in the breach is purportedly for sale on the Dark Web. The NJCCIC recommends all patrons of Sonic Drive-In locations monitor their payment account activity, report fraudulent charges to their financial institution immediately, and request a new payment card if a debit account was used to make purchases.