According to a new report, stolen data from nearly five million credit and debit cards has been posted for sale on the dark web. KrebsOnSecurity, carried out an investigation in which the team discovered that the credit/debit card information was hacked from the fast food chain, Sonic Drive-In.
They were first alerted to such a scenario when multiple financial institutions noticed fraudulent transactions made with cards that were used at the popular fast food outlet. Though Sonic didn’t immediately respond to this discovery, the company did state that they were looking into the security breach.
In a statement made to Krebs, they said that their credit card processor told them a week before that some unusual activity was spotted regarding these cards.
Sonic Drive-In Security Breach
The KrebsOnSecurity report states that Sonic, which has more than 3,600 restaurants in over 45 states, has acknowledged the hack but is unsure how many stores were affected.
To answer questions of why they were reluctant to share information before, they replied that keeping customers’ personal information safe is always their top priority, and that the laws limit the amount of details they can share with the public as the investigations are currently taking place.
They also announced that as soon as they heard about the security breach, they hired third-party forensic agents and investigators to catch the culprits. As of now, it is unknown whether all the data stolen from five million customers happened as a result of the Sonic security breach, or whether other companies were hacked.
Krebs mentioned the possibility that the stolen data might have come from multiple sources.
The investigators are currently looking into whether the security breach was focused on the entire chain or just a few specific Sonic Drive-In locations.
This type of a security breach usually involves scrupulous individuals getting access to a company’s point-of-sale systems, such as cash registers or digital records of payments. They are able to break into the system through the use of malware, which infiltrates and then copies the sensitive data being stored. This stolen data is then sent back to the hackers who end up selling it on the dark web to anyone who is interested.
Most of the time, criminals buy this information and create copies of the card to buy illegal items like weapons or drugs. This way, when law enforcement officials are following the sale of illegal items, they are sent on a wild goose chase.
Due to the security breach, Sonic’s stock value dropped significantly, reaching the lowest status it has seen in the last two months.
However, as the law enforcement agencies make progress in their investigation, the prices should rise again to where they were before.
It’s too early to speculate as the case is still in its initial phase, but if the stolen data is recovered promptly, then Sonic’s shareholders will likely have nothing to worry about in the end.
Sonic Attack Not the First of its Kind
This isn’t the first time a hack of this magnitude occurred at a single company. In fact, compared to other cases this might seem like a small security breach, which is a frightening thought to contemplate as five million is not a small number at all.
In 2014, Home Depot was hacked and the data of nearly 50 million credit and debit cards was stolen. This security breach ended up costing Home Depot nearly $60 million.
Another example is a 2013 security breach that majorly impacted Target—nearly 40 million accounts were affected after a major system hack.
And of course, it’s also easy to compare this cyber attack to the most recent high-profile breach targeting Equifax, in which the data of around 143 million U.S. consumers was stolen.
In modern society, definition of danger is being changed slowly from the physical to the digital. The digital world can just as easily lead to the collapse of the real world we live in, due to the internet’s symbiotic nature.
Online security is just as important as physical security, if not more. The last few years have definitely proved that point, and one has to take the necessary steps to secure and safeguard their valuable data.