Sonic Data Breach Potentially Affects MillionsSonic Data Breach Potentially Affects Millions
Sonic first heard about the breach when its credit-card processor detected unusual activity on customers' payment cards.
September 28, 2017
Fast-food giant Sonic has disclosed a data breach potentially affecting millions of customers. The chain has nearly 3,600 stores across 45 US states but as the investigation is ongoing, it does not yet know how many store payment systems were affected.
KrebsOnSecurity first reported the breach, which Sonic discovered last week when its credit-card processor informed the chain of unusual activity regarding customers' payment cards. The incident may have led to a "fire sale" of millions of stolen payment cards on the Dark Web. Card data from Sonic's customers was discovered in a batch of five million credit and debit accounts advertised on an underground credit-card theft bazaar called Joker's Stash.
It's unclear whether all cards in the batch belong to Sonic customers; Krebs reports they could potentially be mixed with cards stolen from other outlets by the same attackers. Most range from $25 to $50 per card depending on the type of card, whether it's credit or debit, and the issuing bank.
Sonic says it's working with law enforcement and third-party forensic experts, and will continue to update with further information.
Read more details here.
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment