The Story Behind the Sonic Breach

In late September, Sonic Drive-in announced that its payment portals had been compromised.

Experts estimate that information on millions of cards was hacked from the nearly 3,600 Sonic locations across 45 states.

Here’s what you need to know about the latest in a long line of nationwide security breaches:

What happened?

The burger joint’s card processing company reported “unusual activity” on a large number of cards that had been recently used at Sonic. Further investigation uncovered a tremendous data breach with the potential to affect millions.

Sonic uses a single point-of-sale system that is deployed at the majority of its locations. Using sophisticated malware, hackers were able to access the system and the information on every card that was used within the payment system.

The hackers then put this information up for sale online. Buyers then use the card details to rack up huge bills, empty accounts or even steal victims’ identities.

While Sonic was quick to share this basic information with the public, it can be months before more details are known and shared with concerned customers.

Who was affected?

Anyone who’s used a debit or credit card at any of Sonic’s locations during the last year may have been a victim in the breach. The number of victims is estimated at five million.

How did Sonic react to the attack?

Sonic is offering all customers 24 months of complimentary fraud protection through Experian’s IdentityWorks program.

They also hired third-party forensic experts to help investigate the attack and potentially identify the hackers. They have further promised to research ways for improving their current system to better protect their customers in the future.

How can you protect yourself from this and future data breaches?

  1. Find out if you were affected: If you’re a Sonic customer, you may have been affected. Review your recent account information on all your cards. If you spot suspicious activity, alert your card issuer and place a freeze on your account. You can also place a fraud alert with the credit bureaus to inform creditors they need to verify that anyone seeking credit in your name is actually you. Lastly, accept Sonic’s offer of two years of free fraud protection.
  2. Use fraud protection: Even if you haven’t been affected by this attack, it’s a good idea to sign up for a fraud protection service, which will monitor your credit for fraudulent activity and unusual behavior.
  3. Monitor your accounts: Review all checking account activity several times a week to determine whether your information has been hacked or stolen. Review every transaction on your credit card statements. Regularly review your credit report to see if anyone is using your name to rack up a huge bill or take out a loan.
  4. Set up alerts: Place a maximum transaction amount on your credit and debit card to stop thieves from making huge purchases. You can also limit your transactions to a specific area.

Spread the word. Share this post!