Sonic hit by $5 million suit over 2017 data breach

News by Doug Olenick

The drive-in fast food chain Sonic is being sued by the American Airlines Federal Credit Union for US$ 5 million (£3.8 million) in an attempt to recoup money the credit union lost due to Sonic's data breach in 2017.

The drive-in fast food chain Sonic is being sued by the American Airlines Federal Credit Union for US$ 5 million (£3.8 million) in an attempt to recoup money the credit union lost due to Sonic’s data breach in 2017.

American Airlines Federal Credit Union said because of the attack it incurred losses by having to cancel or reissue cards, close accounts, block transactions, refund affected customers and increase fraud monitoring efforts, according to NewsOK.com. In the suit the credit union also claims Sonic did not properly protect its POS system from cyber-attack enabling malicious actors to insert the payment card info stealing malware.

This new case comes just after the burger chain settled a separate class- action lawsuit for US$ 4.3 million (£3.3 million) brought by two customers affected by the breach. Each person participating in that suit will receive between US$ 10 (£8) and US$ 40 (£30), said NewsOK. 

The case is being brought in Western District of Oklahoma and the plaintiffs have asked the court for the case to be labelled as a class action so other financial institutions can join.

In September 2017 Sonic was hit with a point-of-sale (POS) breach that led to customer payment card information being sold on a dark web market. A Sonic spokesperson told SC Media at the time of the attack that the company was notified by its credit card processor that there was unusual activity involving cards used at Sonic restaurants.

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews