Here we go again: Sonic may be the latest company to face a cybersecurity breach.
The drive-in restaurant chain — which has 3,500 locations across the United States — said Wednesday that a credit card processing company noticed peculiar activity on some Sonic customers’ cards. That’s a telltale sign that hackers targeted Sonic, cybersecurity experts say.
The company said it’s not yet clear how many restaurants or customers may be impacted.
Sonic was first notified about the suspicious activity last week, according to a statement. The company “immediately engaged third-party forensic experts and law enforcement when we heard from our processor,” it said.
“We are working to understand the nature and scope of this issue,” the statement reads. “While law enforcement limits the information we can share, we will communicate additional information as we are able.”
KrebsOnSecurity, a notable cybersecurity blog that earlier identified a potential breach, said millions of credit and debit card numbers may have been stolen.
A KrebsOnSecurity blog post about the ordeal says hackers likely gained remote access to “point-of-sale systems” — or the machines where you swipe or insert your credit card — in order to steal people’s payment information.
A similar method was used in an attack against Wendy’s earlier this year, the blog post says. The company said more than 1,000 of its U.S. restaurants were targeted by hackers, compromising an unknown number of credit and debit cards.
Chipotle was also targeted this year. It said in May that “most, but not all” of its restaurants may have been involved in a credit-card theft scheme carried out by hackers who installed malware on cash registers.
The Sonic breach also follows one of the most high-profile data breaches in history.
Just weeks ago, credit reporting bureau Equifax admitted that hackers were able to gain access to personal information for as many as 143 million Americans. That breach went beyond stolen credit card numbers — it put large numbers of individuals at risk for identity theft.