Fast-food chain Sonic Corp. is the latest company to have its store’s payment systems attacked, leaving some customers’ credit and debit card numbers at risk, security-news website Krebs on Security reported Tuesday.
The operator of Sonic Drive-In burger joints confirmed the breach to Krebs on Security, and it is believed millions of stolen card numbers, potentially of Sonic customers, are now being sold online through underground marketplaces.
Sonic has approximately 3,500 locations in 45 states.
According to the security website’s report, a Sonic spokeswoman said the investigation is in its early stages and the company doesn’t know how many, or which stores were impacted.
“Our credit card processor informed us last week of unusual activity regarding credit cards used at Sonic,” Sonic said in a statement. “We immediately engaged third-party forensic experts and law enforcement when we heard from our processor.”
All but two states have laws mandating how quickly companies must report when data breaches occur, but they’ve been largely ineffective in getting companies to tell the truth in a timely manner. To that end, some U.S. lawmakers are considering federal regulation, which would simplify the rules and require companies to report all data breaches within 30 days.
The attack comes weeks after credit-rating company Equifax Inc. acknowledged (almost a week after it happened) that a massive data breach exposed the personal information of as many as 143 million Americans. The company’s handling of the incident, which was sharply criticized by customers, led to the departure of Chief Executive Richard Smith on Tuesday.
Deloitte, a massive global consulting firm that serves government alongside business, publicly disclosed a cybersecurity breach on Sep. 25, after media reports exposed it.
That cyber-attack, which The Guardian newspaper in London revealed first, appears to have impacted the company’s email system. Deloitte told the paper that the hack had compromised only a fraction of its emails and impacted very few customers. The firm has notified six customers of the attack, according to reports.
Another fast-food chain, Wendy’s Co., launched an investigation last year after finding fraudulent activity involving some of its customers’ credit and debit cards. That breach involved more than 300 of the company’s restaurants.
JOIN THE MOVEMENT to SAVE THE NATIONAL ANTHEM
Please join the thousands of DML readers who have purchased a bumper sticker. CLICK HERE.
If you would like to receive Breaking News text alerts on a smartphone or tablet, download the DML APP which is completely FREE and easy to use. Go to the Google Play Store or the IOS App Store and search for DML APP. Be sure to keep the app’s notifications setting on. Another way to receive alerts is to text to 40404 the following message: follow @realdennislynch (be sure to put a space between the word follow and the @ symbol).
To see more stories like this, sign up below for Dennis Michael Lynch’s email newsletter.
Sign up to get breaking news alerts from Dennis Michael Lynch.