Sonic Drive-In Acknowledges Data Breach, 5 Million Cards Potentially Exposed

OKLAHOMA CITY, OK – KrebsOnSecurity reported yesterday afternoon that fast-food giant Sonic Drive-In has acknowledged a data breach that may have led to some five million credit and debit cards being exposed. The fast-food chain has 3,600 locations across 45 states.

Brian Krebs, author of KrebsOnSecurity, said he was alerted to the breach by several financial institution representatives that began noticing a pattern of fraudulent transactions on cards that had all been used at the eatery. Sonic Drive-In confirmed that it was investigating a "potential incident."

This comes on the heels of the recent Equifax breach that compromised personal information of 143 million consumers.

CUNA and the state leagues continue to push Congress to pass a strong national data security standard for retailers that would hold them to the same standards credit unions and other card issuers already follow under the Gramm-Leach-Bliley Act.

Credit union professionals, volunteers and members are encouraged to use CUNA’s Grassroots Action Center to urge their representatives in Congress to pass comprehensive data security standards for retail merchants.

The NJCUL is also actively pushing for passage of state legislation pending in Trenton that would limit the information retailers may retain after a sale has been completed, allow card issuers to tell their cardholders what entity was responsible for a breach, and hold that entity responsible for the cost of replacing cards as well as any associated fraud losses.  

Cyber Security Workshop: The League is also hosting a timely Cyber Security Workshop on November 2nd, sponsored by Vizo Financial, where you will learn the controls that need to be in place to mitigate risk in the face of cyber attacks. As NCUA requires security awareness training each year, and with data breaches becoming a more frequent occurrence, this is a must-attend event. Register today