The Story Behind the Sonic Breach
It’s been a rough go of things when it comes to the security of debit and credit card as well as personal information. The massive Equifax breach has already left many Americans feeling unprotected and insecure while Yahoo experienced yet another breach soon afterward. To top it all off, the popular burger chain Sonic Drive-in announced in late September that its payment portals had been compromised.
Experts estimate that information for millions of cards was hacked from the nearly 3,600 Sonic locations across 45 states. The card numbers and details are now up for sale on the darknet.
Here’s what you need to know about the latest in a long line of nationwide security breaches:
The breach became a reality when Sonic’s card processing company reported “unusual activity” on a large number of cards that had been recently used at Sonic. Further investigation uncovered a tremendous data breach with the potential to affect millions of consumers.
Sonic utilizes a single point-of-sale system that is deployed at the majority of its locations. Using sophisticated malware, hackers were able to access the system. The malware copied the information on every card that was swiped in the payment terminal, and then sent it back to the hackers.
The hackers then put this information up for sale online, where buyers can use the card details to rack up huge bills, empty accounts or even steal victims’ identities.
While Sonic was quick to share this basic information with the public, it can be months before more details are known and shared with concerned customers.
This breach is similar to the one that hit Wendy’s last year, lasting nine months and affecting 300 restaurants. It took that long to determine the issue and resolve it because many of Wendy’s locations are franchises. Approximately 90% of Sonic’s joints are franchises as well, thus adding to the delay.
Who was affected?
Anyone who’s used a debit or credit card at any of Sonic’s locations during the last year may have been a victim in the breach. It is still unclear exactly how many customers were affected by the breach, though it is estimated that there may be as many as five million victims in this malware attack.
While most cards with compromised info were linked to activity at one of Sonic’s locations, it is possible that other companies’ security systems were also breached.
How did Sonic react to the attack?
Sonic has announced that it will offer all customers 24 months of complimentary fraud protection through Experian’s IdentityWorks program.
Sonic was also quick to hire third-party forensic experts to help investigate the attack and identify the hackers. They have also promised to research ways for improving their current system to better protect customers in the future.
How can you protect yourself from this and all future data breaches?
1.) Find out if you were affected: If you’re a regular, or even an occasional, Sonic customer, find out if you were affected by the breach. Review your recent account information on all your cards. If you spot suspicious activity, alert your card issuer and place a freeze on your account. You can also place a fraud alert with the credit bureaus. This will warn creditors that you’ve recently been targeted in a hack, alerting them to verify that anyone seeking credit in your name is actually you. Lastly, accept Sonic’s offer of two years of free fraud protection.
2.) Use fraud protection: Even if you haven’t been affected by this breach, it’s a good idea to sign up for fraud protection. These services don’t usually come free, although, in light of its recent data breach, Equifax is now offering a full year of protection with their TrustedID program, free of charge. Fraud protection services will ease the stress of monitoring your credit for fraudulent activity and unusual behavior.
3.) Monitor your accounts: It’s always wise to keep a sharp eye on your money – and that means more than just checking that your wallet is safe. Review all checking account activity several times a week to determine whether your account information or debit card has been hacked or stolen. Also, never throw away a credit card statement without carefully reviewing it to be sure every transaction belongs to you. Additionally, it’s wise to shred such paperwork rather than throwing it in the trash. Finally, request a credit report from the three major credit reporting agencies once a year to see if anyone is using your name to rack up a huge bill or take out a generous loan.
4.) Set up alerts: You can receive notice about suspicious activity almost as soon as they happen by signing up for alerts. Place a maximum transaction amount on your credit and debit card so a thief won’t get away with a huge purchase. You can also limit your transactions to a specific area or region of the country so long-distance hacking won’t work.
Your Turn: How do you protect yourself from data breaches? Share your best tips with us in the comments!