Sonic Boom, Sonic Breach, Sonic Bust

by Brian Riley 0

Another big breach, this time it looks like 5 million fried food lovers from Sonic.  Fast Company reports that card numbers are now available on the dark web market for $25 to $50 per card; the breach looks like it affects 5 million people.

  • The restaurant chain has more than 3,600 locations in 45 U.S. states, but it’s unclear which have been impacted by the previously unreported breach. The company confirmed to Krebs that it’s investigating “a potential incident” after receiving reports of unusual credit card activity last week, and it issued a statement

  • The batch of 5 million credit cards went on sale on Sept. 18 on a marketplace called Joker’s Stash, according to Krebs(Security)

  • Most of the cards range in price from $25 to $50, and the price is influenced by a number of factors, including the type of card issued (Amex, Visa, MasterCard, etc.); the card’s level (classic, standard, signature, platinum, etc.); whether the card is debit or credit; and the issuing bank.

Internet crooks classify you in a similar fashion to your issuer.  A platinum Visa is worth more than a MasterCard standard issue plastic.

Inaccurate forecasting causes havoc because if you do it improperly, there will be immediate implications.

  • On consumer credit, the central bank said that in a crisis situation – with unemployment more than doubling and the Bank’s interest rate spiking to 4 per cent – British lenders should expect to write off 20 per cent of their loans.

Nothing is sacred, not even our greasy spoons.  I was not a victim in this one, because of a long standing personal commitment to McDonald’s, but Equifax did confirm I was breached in their mess.  In Equifax’s case, more records were exposed than the entire population of Russia.

Compared to those 145 million records at Equifax, 5 million Sonic records might seem like a pittance, but it is still is larger than more than 113 different countries and areas recognized by the United Nations.

Follow the link below if you want to see a screenshot of how these accounts appear on a card-number-for-sale site.

Three steps to take to protect:

  • Use virtual account numbers, such as those offered by Bank of America and Citi

  • Set up notifications with your card issuers to alert when a transaction occurs on your account

  • Frequently check your online account for activity

Also, use your credit card, rather than debit online.  At least you will be risking your card company’s money instead of your personal funds.

Act prudently, or you, too, can be fried.

Overview by Brian Riley, Director, Credit Advisory Service at Mercator Advisory Group

Read the full story here