This security breach came to light after 5 million credit cards appeared for sale on a dark web marketplace called Joker’s Stash. Brian Krebs, an independent journalist who specializes in cybercrime was the first to report on the story. Krebs goes on in his post to explain that the breach might not stop with Sonic.
“I should note that it remains unclear whether Sonic is the only company whose customers’ cards are being sold in this particular batch of five million cards at Joker’s Stash. There are some (as yet unconfirmed) indications that perhaps Sonic customer cards are being mixed in with those stolen from other eatery brands that may be compromised by the same attackers.”
It is currently unclear how the security breach occurred. The restaurant, which has over 3,600 locations which dot 45 states across the U.S., commented that it is currently digging deeper into the issue in a statement:
“We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”
The card information is currently priced at $25 to $50 a pop, which, Krebs notes, is possibly based off how recently the breach was made. The older the breach, the more likely it is that the card will be canceled and the lower the value of the information.
This breach comes just weeks after the Equifax security breach, which affected millions of Americans. For the time being it’s probably best to avoid Sonic. While you’re waiting for your order at Fuddruckers, maybe bone up on some tips on avoiding identity theft.
[Source: Fast Company]