The Sonic Drive-in is an old-fashioned and popular fast-food chain with roller-skating carhops and has almost 3,600 locations in the US. Â Just recently, it became a popular hit for hackers. The breach affected an unknown amount of its store payment systems. Â KrebsOnSecurity has learned that this may have led to a fire sale on millions of stolen debit card and credit card accounts. Â The first clue of a breach came to the surface when it was noticed that many of these accounts were being sold in nefarious underground cybercrime stores. Â Multiple financial organizations began to notice a pattern of fraudulent transactions on debit and credit cards that had been used at Sonic Drive-ins. Â Some of the cards were up for sale as early as September 15.
â€œOur credit card processor informed us last week of unusual activity regarding credit cards used at SONIC,â€ reads a statement the company issued to KrebsOnSecurity. Â â€œThe security of our guestsâ€™ information is very important to SONIC. Â We are working to understand the nature and scope of this issue, as we know how important this is to our guests. Â We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. Â While law enforcement limits the information we can share, we will communicate additional information as we are able.â€ Â The vice president of public relations at Sonic said that they didnâ€™t yet know how many of its stores were affected.
The stolen accounts from Sonic is called â€œFiretigerrr.â€ Â They are organized by city, state and zip code and allows buyers to buy cards from Sonic customers that lived near them. Â This helps avoid an out-of-state transaction from being stopped. Â Cyber thieves usually steal credit card information by hacking into point-of-sale systems using the malicious software. Â So, this strategy is nothing new. Â The data can clone cards and use them to purchase high-priced items. Â The cost for these stolen cards was high, which is likely due to the fact that the theft was fresh. Â This theft bazaar caused Sonicâ€™s shares to tank 4.4 percent and the stock is down. Â The company reported thatÂ â€œWe are working to understand the nature and scope of this issue, as we know how important this is to our guests,â€ the company said in a statement.
â€œWe immediately engaged third-party forensic experts and law enforcement when we heard from our processor. Â While law enforcement limits the information we can share, we will communicate additional information as we are able.â€
The Last Known Card Breach with a Fast-Food Chain
This isnâ€™t the first time that there has been a major card breach with a major fast-food chain. Â There was a security breach at thousands of Wendyâ€™s stores that was extremely expensive for credit unions and card-issuing banks. Â And Wendyâ€™s had a huge challenge trying to get a hold on the theft, which was due to the fact that the locations were independently rather than corporate owned. Itâ€™s the financial institutions that must make victims whole again. Â One of the major changes to ward off hackers is the use of using cards that are chip enabled. Â This makes it harder for thieves to counterfeit. Â As of March 2017, only 58 percent of Visa cards were chip enabled. Â Chipotle Mexican Grill also reported a breach earlier this year. Â Whole Foods Market also disclosed a recent breach. Â Even bigwigs like Home Depot and Target have been hacked.
The dangers of data breaches are very real for all industries today. Â Recently, it was learned that Equifax exposed the data of over 140 million people in the US. Hackers were able to access troves of names, driverâ€™s license numbers, Social Security numbers, and birthdates.
While thereâ€™s no magic bullet to prevent hackers from attacking point-of-sale systems, there are steps fast food chains can take to lessen the chance.
- Maintaining the most up-to-date POS software
- Installing Firewalls and anti-virus software to protect the POS networks
- Creating strong passwords and changing them often
- Denying internet access from POS stations and terminals
- Disabling all remote access
- Educating employees about proper use of POS systems and security precautions
- Protecting the hardware and software
Without a doubt, cybercriminals are costing the country money and companies revenue. Â Itâ€™s time for all businesses to take more action. Â One effective method is to use a managed service IT provider. Â These professionals update software, fix hardware and patch up holes. Â They also alert clients immediately if there is a breach. Â For many companies, the in-house IT staff donâ€™t have the time or skills to handle everything. Â If youâ€™d like to learn more about how a third-party service provider can help your company, contactÂ Radius Executive IT Solutions in Boston and throughout New England at (978) 528-0110 or email at email@example.com. Â The experts at Radius Executive IT Solutions are always happy to answer any questions.