Scale of Sonic Drive-In card theft remains undisclosed

Sonic Drive-In, the largest chain of drive-in restaurants in the US, has discovered that an unknown number of credit and debit card numbers have been acquired without authorization as part of a malware attack.

Providing a terse statement in light of the data breach, Nasdaq-listed Sonic, said: “Based on our investigations to-date, it appears that credit and debit card numbers used at certain Sonic Drive-In locations may have been impacted.”

News of the breach was uncovered by web security expert Brian Krebs last month. According to Krebs, a sample of some five million credit and debit card accounts found in a darknet fire sale had “all previously been used at Sonic”.

While Sonic has not yet confirmed the scale of the data breach, the Oklahoma-based company, which owns nearly 3,600 locations across 45 US states, said it was offering complimentary fraud protection to potentially-impacted patrons.

“As a precautionary measure, we are offering customers who used their cards at our locations this year to receive 24 months of free fraud detection and identity theft protection through Experian’s IdentityWorks program,” Sonic stated.