Saturday, October 7, 2017

Update: Sonic reacts to its ongoing credit breach

UPDATE (10/6/17): Sonic Drive-In has issued an update on what it has done, besides reporting the situation to law enforcement agencies, in response to discovering an ongoing security breach involving credit and debit cards: "We ... immediately began our own investigation with the help of experienced third-party forensics firms. Notice of this incident was briefly delayed accommodating law enforcement’s investigation. We regret that this incident occurred, and apologize for any inconvenience or concern it may cause. As a precautionary measure, we are offering customers who used their cards at our locations this year to receive 24 months of free fraud detection and identity theft protection through Experian’s IdentityWorks program. To take advantage of these free services, you can enroll by visiting the Experian IdentityWorks website. You have until December 31, 2017, to register and enroll. If you have questions or need an alternative to enrolling online, please call 877-534-7032."

(Originally published 9/28/17 with the headline: 'Security breach at Sonic could affect millions of customers')

From QSR Magazine
Millions of credit and debit cards could be at risk thanks to an alleged security breach at Sonic Drive-In, according to KrebsOnSecurity. The outlet is reporting that an ongoing breach “may have led to a fire sale on millions of stolen credit and debit card accounts that are now being peddled in shadowy underground cybercrime stores.”

Sonic has about 3,600 locations in 45 states [including Troy and Latham in the Capital Region], with 90% or so representing franchised stores. KrebsOnSecurity was alerted by multiple financial institutions after they noticed a pattern of fraudulent transactions on cards previously used at Sonic. The issue turned out to be a massive one.

The company said it directed several of the banking sources to a batch of about five million credit and debit card accounts that were put up for sale on September 18 in a “credit card theft bazaar” called Joker’s Stash. Two sources who then agreed to purchase a handful of cards from the batch discovered they had all recently been used at Sonic restaurants. It is unclear, however, whether Sonic is the only company involved. The report said it’s likely, although unconfirmed, that the Sonic cards are mixed in with others stolen by the same cyber attackers.
Go here for the rest of the story.

• Go here to visit the Capital Region Brew Trail
• Go here to visit Dowd's New York Wines Notebook

No comments:

Post a Comment