Back to Blog

Sonic Drive-In Hit By Breach, Millions of Cards Potentially Affected

September 28, 2017

By: Sikur


by Tara Seals


Sonic Drive-In, the US fast-food chain where car-hops are still a thing, is the latest victim of a security breach affecting an unknown number of store payment systems—but it could be millions of victims.

Sonic has confirmed that they have been investigating unusual payment card activity since being informed by their credit card processor last week.

First disclosed by independent researcher Brian Krebs, the compromise came to light via a pattern of fraudulent transactions on cards that had previously been used at one of Sonic’s 3,600 locations.

“I began hearing from sources at multiple financial institutions,” Krebs noted in a post. Those cards were then found to be part of a cache of five million credit and debit card accounts that were first put up for sale in mid-September on a dark web site called Joker’s Stash, all indexed by city, state and ZIP code. They’re going at a premium, too: between $25 and $50 per card.

“I should note that it remains unclear whether Sonic is the only company whose customers’ cards are being sold in this particular batch of five million cards at Joker’s Stash,” Krebs said. “There are some (as yet unconfirmed) indications that perhaps Sonic customer cards are being mixed in with those stolen from other eatery brands that may be compromised by the same attackers.”


Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

Follow us


Contact Us
First Name*
Last Name*
Mobile Number*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
I agree to the Privacy Policy and Terms of Service.