Millions of consumers at Sonic Drive-In victims of data breach


Hackers have made yet another victim. Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, has acknowledged that millions of credit cards used by customers may have been compromised. The credit card processor of the company noticed that there was some “unusual activity” regarding credit cards used at Sonic. The help of third-party forensic experts and law enforcement forces have been used to understand the nature and the extent of damage caused to clients.

After noticing a fire sale of millions of stolen credit and debit cards accounts on the black market, KrebsOnSecurity decided to verify the origin of these cards and managed to link the latter to Sonic after discovering from two sources that they have recently been used at the fast-food chain. KrebsOnSecurity then contacted Sonic and the chain acknowledged “investigating a potential incident” at certain locations.
In its response to KrebsOnSecurity, Sonic stated that even if they have been quick to seek the help of forensic experts and law enforcement services, they are restrained at the moment from revealing the totality of information being gathered.  The Public Relations department of Sonic underlined that the investigation is still in its early stage and it is difficult to say how many stores have been targeted. They added that they understand how all this is for the customers.
A fresh batch of stolen cards indexed by geographical specificities
The accounts apparently stolen from Sonic are allegedly being sold as part of a batch of cards known as “Firetigerrr” on Joker’s Stash. Prices for these cards are higher than usual, no doubt because they represent a fresh batch. They were ranged between $25 to $50, depending on the type of card issued, the bank, the card level, and whether it is a credit or debit card. The accounts are indexed by city, state and ZIP code. This geographic specificity has no doubt been set to allow potential buyers to acquire only those cards belonging to Sonic customers living nearby. This system is known as a popular anti-fraud defense to prevent financial institutions from blocking out-of-state transactions from a known compromised card.
Fraudsters generally steal credit card data from organizations that accept cards by hacking into point-of-sale systems remotely. Those systems are then seeded with malicious software that copies account data stored on a card’s magnetic stripe. The information obtained may be used to clone cards and use the counterfeits for purchasing expensive merchandise.
Sonic’s cards are possibly mixed with stolen cards from other eateries
According to Krebs On Security, the Sonic customer cards are possibly mixed with other cards stolen previously from other eatery brands.  One of the biggest known card breaches involving a large nationwide fast-food chain is Wendy’s breach where more than a thousand Wendy’s locations were impacted. The breach persisted for almost nine months after it was first disclosed. The Wendy’s breach entailed heavy costs implications for card-issuing banks and credit unions which found themselves forced to continuously re-issue customer cards that kept getting compromised every time their customers used them at another Wendy’s Read More.