Millions of Sonic customers may have had their credit card information stolen.
A breach of Sonic’s store payment system has resulted in up to five million stolen credit and debit card accounts being “peddled in shadowy underground cybercrime stores,” security news website KrebsOnSecurity first reported Tuesday.
According to KrebsOnSecurity, five million credit and debit cards were put up for sale on a credit card theft website earlier in September. Many of the millions of cards were linked to a breach at Sonic Drive-In, though the blog notes it is possible that other companies’ security systems were also breached.
The fast-food company confirmed to Business Insider that its credit-card processor informed the chain last week of “unusual security regarding credit cards being used at Sonic.”
“We are working to understand the nature and scope of this issue, as we know how important this is to our guests,” the company said in a statement. “We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”
Sonic has a single point-of-sales system that is used by the majority of its roughly 3,600 locations. Cliff Hudson, the company’s CEO, told Business Insider last week that the chain was attempting to invest in technology to better compete with both rival restaurant concepts and competitors such as Amazon.