Millions of customers’ credit card information may have been stolen in Sonic breach

Hot on the heels of another large data breach, Sonic, America’s Drive-In, appears to be the latest victim of a potential data breach. According to security news website KrebsOnSecurity¹, this could mean almost 5 million customers may end up with their credit card information traded in the underground economy. This breach came to light when news website KrebsOnSecurity1 suspected that Sonic’s payment systems may have been compromised.

This news site heard from its sources at several financial institutions that they observed a pattern of fraudulent transactions on credit cards and debit cards that were previously used at Sonic. According to the website, Sonic is working with third-party forensics experts and law enforcement to investigate this issue.Cybercriminals are attracted to stealing data from which they can make money. Credit and debit card numbers fetch a decent amount on the Dark Web, which is a market where people buy credit and debit card numbers and other data to later commit fraud and identity theft.

What to do if you are you a victim?

If you visited a Sonic restaurant and used a credit card to pay, your information may be impacted in the reported “unusual activity” at some of its restaurants. Check your credit card statements for anything out of the ordinary and if you see any suspicious charges, call the credit card company and dispute them right away.

You may also call your credit card company and cancel your current credit card and have them issue a new one. Criminals may be able to go on a shopping spree unbeknownst to you, possibly impacting your credit history. Remember, cybercriminals may not use stolen data right away, so sometimes you may not notice any suspicious activity on your accounts immediately after a breach.

Monitoring accounts on your own may also not be enough. It may be wise to contact one of the three national credit reporting bureaus (Equifax, Experian or TransUnion) to place a fraud alert on your credit report. An initial fraud alert can make it harder for an identity thief to open more accounts in your name. The alert lasts 90 days, but you can renew it.

The best offense is defense

When it comes to helping protect yourself from identity theft, being proactive helps. For this reason, it can be beneficial to add another layer of protection by using an identity theft protection service like LifeLock. Due to the number of breaches recently, it makes sense to invest in a service that works to help protect your personal information by sending you alerts if suspicious activity is identified within their network, or if new accounts are opened with your Social Security number.^† LifeLock is one such comprehensive service. Cybercriminals are constantly finding creative ways to steal. The unique combination of digital security by Norton Security and identity theft protection by LifeLock redefines what safety means in a connected world.

No one can prevent all identity theft.
^† LifeLock does not monitor all transactions at all businesses.
¹ KrebsOnSecurity, “Breach at Sonic Drive-in may have impacted millions of credit, debit cards,” September 17, 2017.