Up to 5 million Sonic customers may have had their credit-card info stolen in reported data breach

Sonic Drive-In burger

WikiMedia Commons

Sonic Drive-In burger.

Millions of Sonic customers may have had their credit card information stolen.

A breach of Sonic's store payment system has resulted in up to five million stolen credit and debit card accounts being "peddled in shadowy underground cybercrime stores," security news website KrebsOnSecurity reported Tuesday.

According to KrebsOnSecurity, five million credit and debit cards were put up for sale on a credit card theft website earlier in September. Many of the millions of cards were linked to a breach at Sonic Drive-In, though the blog notes it is possible that other companies' security systems were also breached. Advertisement

The fast-food company confirmed to KrebsOnSecurity that its credit-card processor informed the chain last week of "unusual security regarding credit cards being used at Sonic." Sonic didn't immediately respond to Business Insider's request for comment.

Sonic

Sonic

"We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor," the company said in a statement to KrebsOnSecurity. "While law enforcement limits the information we can share, we will communicate additional information as we are able."
Advertisement

Sonic has a single point-of-sales system that is used by the majority of its roughly 3,600 locations. Cliff Hudson, the company's CEO, told Business Insider last week that the chain was attempting to invest in technology to better compete with both rival restaurant concepts and competitors such as Amazon.