It’s a day of the week ending in “y,” which can only mean one thing: Another national company’s payment system has been compromised. This time, it’s the Sonic Drive-In fast food chain, where potentially millions of credit card numbers may have been stolen.
KrebsOnSecurity.com confirmed the breach with Sonic earlier today, after recently coming across a for-sale stash of around 5 million stolen credit card numbers. According to Krebs, a common link for some of these purloined credit card numbers was that they had recently been used to make purchases at Sonic.
It’s not clear yet whether all 5 million cards for sale in that batch were stolen from the same source, or if they were taken from multiple sources.
We’ve reached out to Sonic for comment on this story, and will update if we hear back. However, the company has provided a statement to Krebs, saying that it learned last week from its credit card processor that there was “unusual activity” tied to cards that had been used at the fast food chain.
“We are working to understand the nature and scope of this issue, as we know how important this is to our guests,” reads the statement. “We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”