Sonic Drive-In Payment Card Data Breach – Class Action Investigation
Chimicles & Tikellis LLP is investigating a potential lawsuit related to the recently-announced data breach suffered by fast-food chain Sonic Drive-In (“Sonic”). Sonic has reported that customers’ credit and debit card information has been stolen by cyber-criminals.
Specifically, on September 26, 2017, news outlets reported that Sonic suffered a data breach potentially affecting millions of customers. News outlets first discovered the data breach when banking institutions noticed that credit and debit cards that had been recently used at Sonic locations were now being used to perpetrate fraud and make fraudulent purchases. On September 27, 2017, Sonic acknowledged that its store payment systems had been compromised and that customers’ credit and debit card information had been stolen. Sonic disclosed that its credit card processor notified the company a week prior to this announcement of unusual activity with cards that had been used at Sonic locations. While Sonic has not yet disclosed the extent of the data breach, it operates 3,600 locations across 45 states, creating the potential for a massive consumer impact. Reports indicate that the stolen card information has been sold on cybercrime websites (e.g. on the dark web) and used for fraudulent charges. One report indicates that a batch of information for 5 million credit cards went on sale on an illegal site as early as September 18, and that the card information is being sold for between $25-$50 per card.
Sonic’s failure to safeguard consumers’ payment card data has exposed consumers to fraud or the future risk of fraud. Sonic’s cyber-security shortcomings and conduct may be actionable under consumer protection and other laws. If you believe you have been impacted by the Sonic data breach or have been notified that your card information was affected by the breach, you may be entitled to compensation and should contact the lawyers listed below.