Oklahoma City, Okla. based SONIC Drive-In is the latest enterprise to have hackers help themselves to credit and debit card information. The fast-food chain acknowledged a breach of store payment systems.
Brian Krebs, in his blog KrebsOnSecurity, disclosed the breach of SONIC, with nearly 3,600 locations across 45 U.S. states, may have led to a new menu featuring millions of stolen credit and debit card accounts offered by dark web stores.
Krebs revealed the first hints of a breach came from multiple financial institutions who noticed a recent pattern of fraudulent transactions on cards previously used at SONIC. Krebs tied the incidents to a batch of some five million credit and debit card accounts put up for sale, in prices ranging from $25 to $50, on Sept. 18 by the so-called Joker's Stash, a credit card theft marketplace.
The chain acknowledged the investigation of "a potential incident" at some locations. "Our credit card processor informed us last week of unusual activity regarding credit cards used at SONIC," the company statement issued to KrebsOnSecurity read. "The security of our guests' information is very important to SONIC. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able."
The stolen accounts are apparently part of a batch of cards called "Firetigerrr," indexed by city, state and ZIP code. This allows potential buyers to purchase only cards stolen from SONIC customers who live near them, thus avoiding a common anti-fraud defense in which a financial institution might block out-of-state transactions from compromised cards.
"American consumers deserve better from the companies they've entrusted with their financial information," NAFCU President and CEO Dan Berger said. "Our country should already have a national data security standard in place for retailers and merchants, but we don't and it's extremely frustrating. How many more data breaches do consumers need to suffer before these companies are held accountable?"
Berger reiterated that it is credit unions and other financial institutions that help consumers after a merchant data breach. "It's going to be the financial institution that makes them whole, that pays off the charges or replaces money in the customer's checking account, or reissues the cards, and all those costs fall back on the financial institutions," he said. "These big card breaches are going to continue until there's a national standard that holds retailers and merchants accountable."
Earlier this month, following news of the Equifax data breach, Berger in a letter urged congressional leaders to support national data security standards for retailers and others who collect and store consumers' personal and financial information.
"Data breaches have become a constant concern of the American people. Major data breaches now occur with an unacceptable level of regularity. A recent Gallup poll found that 69 percent of U.S. adults are frequently or occasionally concerned about having their credit card information stolen by hackers," Berger said. "These staggering survey results speak for themselves and should demonstrate the need for greater national attention to this issue."
John Christly, Global CISO, Netsurion, a provider of managed security services, and EventTracker, a SIEM company said, "With this influx of credit card breaches, hackers are dedicating a lot of time for small profits on the dark web. In SONIC's case, the stolen cards are going for between $25 and $50. It's basically supply-and-demand fundamentals." He added so prevalent are data breaches its flooded the stolen credit card market.
So, what's next? Christly believes it's the potentially devastating threat of POS ransomware. "Rather than gain access to a chain's POS to exfiltrate credit cards over months (or even years), cybercriminals could deploy ransomware that shuts down the POS systems, effectively bringing the business and all revenue to a screeching halt."
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
