Millions of customers of burger chain Sonic might have had their payment card information stolen.
A breach of the store payment system at Sonic resulted in as many as five million debit and credit card accounts being stolen and subsequently peddled in the underground dark side of the internet.
According to cybersecurity expert KrebsOnSecurity, over five million debit and credit card accounts were put on sale in earlier September on a website that specializes in selling stolen cards.
Many of the cards that were put on sale have been linked back to a breach at the Sonic Drive-In chain though the security expert notes it is possible other security systems at other companies were breached as well.
The fast food chain confirmed that its payment processor for debit and credit cards informed the company last week that there had been unusual security activity regarding credit cards used at Sonic.
In a prepared statement, the company said it was working on determining the scope and nature of the issue, since we are well aware how important the matter is to Sonic guests.
The company statement added that law enforcement and third party forensic security experts were engaged when it became award of the unusual activity by its payment processor.
The Sonic statement added that law enforcement limits information that can be shared, but the company will continue to communicate all information it is able to.
Sonic has one point-of-sale system used by almost all of its close to 3,600 locations. The CEO at Sonic, Cliff Hudson said that the chain had been attempting to invest in new technology to compete better with both restaurant concepts and other competitors like Amazon.com.
Stock at Sonic dropped the most in nearly two months after it disclosed the breach.
Shares dropped by up to 4.4% on Wednesday, the largest drop intraday since August 8. Stock at Sonic is down 7.2% in 2017 through the close of business in Tuesday, hurt by the wide ranging headwinds pushing against the restaurant industry in general.
Dangers of breaches by hackers was thrust into the spotlight earlier this month after a credit reporting agency Equifax announced personal data of over 143 million people in the U.S. had been exposed.
A breach was also exposed earlier in 2017 by Chipotle Mexican Grill saying that hackers installed malware to grab data of customers from the chain’s point of sale devices.