The fast food drive-in chain Sonic announced on Tuesday that they had a massive data breach that puts thousands of customers at risk of credit card fraud.
The Krebs On Security blog reported that hackers stole information from an unknown number of Sonic establishments, potentially putting millions of customers in danger of having their credit card information stolen.
Sonic said in a statement to Krebs:
Our credit card processor informed us last week of unusual activity regarding credit cards used at SONIC. The security of our guests’ information is very important to SONIC. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.
Sonic has 36,000 locations in 45 states, making it difficult to determine where the credit card hack began.
Krebs explains that over five million credit cards numbers have appeared on illegal websites, including Joker’s Stash, where they are being sold for anywhere between $25 to $50, allowing for fake cards to be made by thieves looking to cash in.
Fortune magazine reports that since the announcement of the hack, Sonic stocks have taken a severe dip, reaching an all-time low.
According to an article by KFOR News in Oklahoma, the law firm Federman & Sherwood has filed a data breach lawsuit against the fast food chain’s parent company Sonic Corp.