Emerging Threats

Millions of customers’ credit card information may have been stolen in Sonic breach

Written by a NortonLifeLock employee


Hot on the heels of another large data breach, Sonic, America’s Drive-In, appears to be the latest victim of a potential data breach. According to security news website KrebsOnSecurity1, this could mean almost 5 million customers may end up with their credit card information traded in the underground economy. This breach came to light when news website KrebsOnSecurity1 suspected that Sonic’s payment systems may have been compromised.

This news site heard from its sources at several financial institutions that they observed a pattern of fraudulent transactions on credit cards and debit cards that were previously used at Sonic. According to the website, Sonic is working with third-party forensics experts and law enforcement to investigate this issue.Cybercriminals are attracted to stealing data from which they can make money. Credit and debit card numbers fetch a decent amount on the Dark Web, which is a market where people buy credit and debit card numbers and other data to later commit fraud and identity theft.

What to do if you are you a victim?

If you visited a Sonic restaurant and used a credit card to pay, your information may be impacted in the reported “unusual activity” at some of its restaurants. Check your credit card statements for anything out of the ordinary and if you see any suspicious charges, call the credit card company and dispute them right away.

You may also call your credit card company and cancel your current credit card and have them issue a new one. Criminals may be able to go on a shopping spree unbeknownst to you, possibly impacting your credit history. Remember, cybercriminals may not use stolen data right away, so sometimes you may not notice any suspicious activity on your accounts immediately after a breach.

Monitoring accounts on your own may also not be enough. It may be wise to contact one of the three national credit reporting bureaus (Equifax, Experian or TransUnion) to place a fraud alert on your credit report. An initial fraud alert can make it harder for an identity thief to open more accounts in your name. The alert lasts 90 days, but you can renew it.

The best offense is defense

When it comes to helping protect yourself from identity theft, being proactive helps. For this reason, it can be beneficial to add another layer of protection by using an identity theft protection service like LifeLock. Due to the number of breaches recently, it makes sense to invest in a service that works to help protect your personal information by sending you alerts if suspicious activity is identified within their network, or if new accounts are opened with your Social Security number. LifeLock is one such comprehensive service. Cybercriminals are constantly finding creative ways to steal. The unique combination of digital security by Norton Security and identity theft protection by LifeLock redefines what safety means in a connected world.

No one can prevent all identity theft.
LifeLock does not monitor all transactions at all businesses.
KrebsOnSecurity, “Breach at Sonic Drive-in may have impacted millions of credit, debit cards,” September 17, 2017.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.