American fast food chain, Sonic Corp. (NASDAQ: SONC) reported a data breach on Wednesday that may potentially affect up to nearly millions customers and their credit card information across the whole U.S.
The hack into Sonic's store payment system may have resulted in up to five million stolen credit and debit card accounts being "peddled in shadowy underground cybercrime stores," security news website KrebsOnSecurity first reported Tuesday.
According to KrebsOnSecurity, five million credit and debit cards were put up for sale on a credit card theft website earlier in September. Most of the credit cards posted on that website linked back to Sonic’s credit card information system. In the mix of the credit cards were also other companies that were hacked.
Sonic confirmed to Business Insider that the company noticed "unusual security regarding credit cards being used at Sonic.”
"We are working to understand the nature and scope of this issue, as we know how important this is to our guests," the company said in a statement. "We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able."
This marks yet another cyberattack within the year. One of the more notable ones is Equifax’s breach that affected 143 million citizens. The SEC also publicly disclosed a cyberattack as well, but that attack happened nearly a year before the SEC made it public.
Cyberattacks like these show giant corporations and businesses that a need for stronger cybersecurity is necessary. These cyberattacks are devastating to both the business itself and its consumers.
Sonic shares fell nearly 5 percent on Wednesday after the company publicly addressed the data breach.