Brian Krebs has reported the incident, signalled by multiple financial institutions who noticed a recent pattern of fraudulent transactions on cards that had all previously been used at Sonic. The restaurant has nearly 3,600 locations across 45 US states, and the ongoing breach may have led to a fire sale on millions of stolen credit and debit card accounts.
The security expert says that around five million credit and debit card accounts were put up for sale in a credit card theft bazaar called Joker’s Stash. The accounts apparently stolen from Sonic are part of a batch of cards that Joker’s Stash is calling “Firetigerrr,” and they are indexed by city, state and ZIP code. This information allows potential buyers to purchase only cards that were stolen from Sonic customers who live near them, thus avoiding a common anti-fraud defence in which a financial institution might block out-of-state transactions from a known compromised card, the security expert continued.
The company immediately engaged third-party forensic experts and law enforcement when they were announced by their processor about the breach, reads a statement the company issued to KrebsOnSecurity.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now