Sonic Drive-In Chain Hit With Credit Card Breach

September 29, 2017         By: Steven Anderson

Sonic’s line of drive-ins is a pleasant throwback to an earlier era. Though I’m not much for their food personally, they have a line of thoroughly pleasant slushes and shakes that are well worth stopping for. However, there was one extra item on the menu recently that no one wanted to see regardless of their personal tastes: a data breach.

Sonic acknowledged that the breach took place in an “unknown number” of payment systems, reports note, and now the credit card numbers and similar information are currently floating around the Dark Web, available at varying rates. One report from KrebsOnSecurity suggests a credit card number can be had for as little as $25 per card.

Sonic itself, meanwhile, is aware of the breach and is actively investigating same, noting “…We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”

This is a problem compounded by the state of payment cards in the United States. While chip-based credit cards under the Europay / Mastercard / Visa (EMV) standard are the standard right now, many financial institutions just haven’t sent such cards to users right now. As of March 2017, Visa noted that 58 percent of the Visa cards issued by financial institutions were chip-based, meaning 42 percent were not.

While the numbers are climbing in favor of chip-based card releases, and acceptance as well—around 44 percent of all retailers that take Visa take chip-based cards—there’s still a hefty lag of places that both aren’t set up to take chip-based cards and places that haven’t actually issued these cards yet. While chip-based card systems have troubles of their own, like the whole “dip” phenomenon, they’ve proven much more secure than the magnetic-stripe equivalents.

With growing numbers of card readers set up to better take the chip-based card, however—not to mention an increasing body of proof that says hackers aren’t pursuing chip-based card systems—it’s a safe bet that we’ll see a lot more stores and a lot more cards go chip-based before too long. The Sonic breach, and many others like it, are too big a hint to ignore.