Fast food giant SONIC has suffered a breach of its payment systems according to IT security blog KrebsOnSecurity.
With more than 3,500 U.S. locations, the breach could be a significant one, but it’s currently unknown how many SONIC restaurants have been affected. The report said SONIC has confirmed the breach and says its efforts are ongoing as it works to "understand the nature and scope of the issue.”
The breach apparently came to light when banks began noticing a pattern of fraudulent transactions on cards that had all been previously used at a SONIC location. After that, investigators noticed a batch of five million credit card numbers being sold on the Dark Web at discount prices. An analysis of a sample of the accounts confirmed that they had previously been used at SONIC.
SONIC said law enforcement is involved in the case and the company will reveal more information when it can.
While a credit card data breach is damaging, it is more damaging to businesses and card processors than consumers. By law, consumers' liability in fraudulent use of credit cards is limited if the incident is promptly reported.
If you have used a debit or credit card at a SONIC location in recent months, you should notify the fraud department of the bank or credit card company that issued the card. In many cases, the card will be deactivated and a new card will be issued.