Up to 5 million Sonic customers may have had their credit-card info stolen in reported data breach

Sonic Drive-In burgerWikiMedia CommonsSonic Drive-In burger.

Millions of Sonic customers may have had their credit card information stolen.

A breach of Sonic’s store payment system has resulted in up to five million stolen credit and debit card accounts being “peddled in shadowy underground cybercrime stores,” security news website KrebsOnSecurity reported Tuesday.

According to KrebsOnSecurity, five million credit and debit cards were put up for sale on a credit card theft website earlier in September. Many of the millions of cards were linked to a breach at Sonic Drive-In, though the blog notes it is possible that other companies’ security systems were also breached.

The fast-food company confirmed to KrebsOnSecurity that its credit-card processor informed the chain last week of “unusual security regarding credit cards being used at Sonic.” Sonic didn’t immediately respond to Business Insider’s request for comment.

“We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor,” the company said in a statement to KrebsOnSecurity. “While law enforcement limits the information we can share, we will communicate additional information as we are able.”

Sonic has a single point-of-sales system that is used by the majority of its roughly 3,600 locations. Cliff Hudson, the company’s CEO, told Business Insider last week that the chain was attempting to invest in technology to better compete with both rival restaurant concepts and competitors such as Amazon.

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.