Sonic Drive-In Suffers Security Breach, Impacting Credit And Debit Cards

Sonic Drive-In has acknowledged a security breach that may have led to a fire sale on millions of stolen credit and debit card accounts. The fast-food chain owns nearly 3,600 locations across the U.S., but the company is currently unsure of just how many store payment systems have been affected.

Krebs on Security reports that five million credit and debit accounts were put up for sale on Sept. 18 through financial theft site Joker's Stash — many of which had previously been used at Sonic.

On the site, each account is indexed by city, state, and ZIP code, so potential buyers are able to purchase only cards that were stolen from customers who live near them. This bypasses one standard anti-fraud defense, in which a credit card company might block out-of-state transactions from a knowingly stolen account. Joker's Stash lists each compromised card for prices ranging from $25 to $50.

"Our credit card processor informed us last week of unusual activity regarding credit cards used at SONIC," the company told The Daily Meal. "The security of our guests' information is very important to SONIC. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able."

"Service with the speed of sound": We bet you didn't know these 9 things about the Oklahoma-based burger chain.