Authored by a Symantec employee

 

Hot on the heels of another large data breach, Sonic, America’s Drive-In, appears to be the latest victim of a potential data breach. According to security news website KrebsOnSecurity1, this could mean almost 5 million customers may end up with their credit card information traded in the underground economy. This breach came to light when news website KrebsOnSecurity1 suspected that Sonic’s payment systems may have been compromised.

This news site heard from its sources at several financial institutions that they observed a pattern of fraudulent transactions on credit cards and debit cards that were previously used at Sonic. According to the website, Sonic is working with third-party forensics experts and law enforcement to investigate this issue.Cybercriminals are attracted to stealing data from which they can make money. Credit and debit card numbers fetch a decent amount on the Dark Web, which is a market where people buy credit and debit card numbers and other data to later commit fraud and identity theft.

What to do if you are you a victim?

If you visited a Sonic restaurant and used a credit card to pay, your information may be impacted in the reported “unusual activity” at some of its restaurants. Check your credit card statements for anything out of the ordinary and if you see any suspicious charges, call the credit card company and dispute them right away.

You may also call your credit card company and cancel your current credit card and have them issue a new one. Criminals may be able to go on a shopping spree unbeknownst to you, possibly impacting your credit history. Remember, cybercriminals may not use stolen data right away, so sometimes you may not notice any suspicious activity on your accounts immediately after a breach.

Monitoring accounts on your own may also not be enough. It may be wise to contact one of the three national credit reporting bureaus (Equifax, Experian or TransUnion) to place a fraud alert on your credit report. An initial fraud alert can make it harder for an identity thief to open more accounts in your name. The alert lasts 90 days, but you can renew it.

The best offense is defense

When it comes to helping protect yourself from identity theft, being proactive helps. For this reason, it can be beneficial to add another layer of protection by using an identity theft protection service like LifeLock. Due to the number of breaches recently, it makes sense to invest in a service that works to help protect your personal information by sending you alerts if suspicious activity is identified within their network, or if new accounts are opened with your Social Security number. LifeLock is one such comprehensive service. Cybercriminals are constantly finding creative ways to steal. The unique combination of digital security by Norton Security and identity theft protection by LifeLock redefines what safety means in a connected world.

No one can prevent all identity theft.
LifeLock does not monitor all transactions at all businesses.
KrebsOnSecurity, “Breach at Sonic Drive-in may have impacted millions of credit, debit cards,” September 17, 2017.


Disclaimers and references:
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

© 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.