A Major Data Breach – Possibly 5 Million Card Compromised at Sonic Drive-In

We have shared it before and now we will share it again.  Data Breach Protection policies are super cheap and well worth their investment.  Less than fifty percent of all U.S. merchants have invested in a Data Breach Policy.  In October of 2015, the liability for data breaches was shifted from banks to merchants.  Chosen Payments offers a Data Protection Policy for about $10 a month.

Most recently Sonic Drive-In has been breached — and possibly in a pretty big way.  Sonic, at present, is at 3,600 locations across 45 U.S. states — and while it has acknowledged the breach itself, it remains unsure just how many store payment systems have been affected.

It does seem, according to reports from Krebs On Security, that the breach has yielded a “fire sale” for stolen credit and debit card accounts on the dark web.  Each credit card number can fetch between $13 and $20 when sold.

The first sign that a big breach had happened started rolling in last week from the Oklahoma city area as reports started rolling out from financial institutions that they were seeing a wave of bad card transactions held together by a single commonality — they’d all been used at a Sonic recently.

Those stolen cards popped up in a dark web bazaar called Joker’s Stash — and there were five million new cards on offer to purchase. At this time, however, it remains unclear whether Sonic is the only company whose customers’ cards are being sold in the five million card batch at Joker’s Stash, or if (as reports indicated) those cards are being mixed in with those stolen from other eatery brands such as Chipotle that may be compromised by the same attackers.

Shortly after, Sonic confirmed the breach. Christi Woodworth, vice president of public relations at Sonic, noted the investigation is in its early stages, and at this time they are unsure how many locations have been affected.

If you experience a data breach, you will be expected to pay for a forensic audit, the cost of all replacement cards as well fraudulent purchases if another merchant experienced a loss.  You will also be assessed fines from Mastercard, Visa and others.

If you accept credit cards, it is wise to invest in a Data Breach Policy.  The policy will even cover employee theft of card numbers in addition to “skimmers” installed on your credit card terminals to capture the data.  Contact Chosen Payments for additional information. Call 855-4CHOSEN or email Jim.Luff@chosenpayments.com