Buzz
On Tuesday, the popular fast-food chain Sonic issued a statement confirming that a malware attack this year may have compromised customers' credit and debit card details. It’s becoming all too familiar, isn't it?
Security expert Brian Krebs uncovered this potential breach back in April when he came across a set of stolen cards being sold on a forum dedicated to illicit data. Krebs reported:
The stolen accounts from Sonic are part of a batch labeled “Firetigerrr” by Joker’s Stash, and they are organized by city, state, and ZIP code. This localized data makes it easier for criminals to target cards from Sonic customers in their vicinity, bypassing fraud protections that block out-of-state transactions. The price for cards from this batch is higher than those from other breaches, likely due to their freshness and the fact that they have not yet been flagged by banks.
Hackers infiltrate point-of-sale systems and deploy malware to capture account data from a card’s magnetic stripe. With this stolen information, fraudsters can create counterfeit cards to purchase high-value items, particularly from electronics and big-box retailers, Krebs explains.
Sonic has announced that it will provide free credit monitoring through Experian to any customer who used a card at one of its locations this year. However, as Consumerist highlights, this service comes with a forced arbitration clause in its Terms of Service, meaning you’d forfeit the ability to sue Experian if any legal issues arise. Additionally, like Equifax, Experian’s credit monitoring site is on a different domain than Experian.com, which could potentially be targeted by phishing attacks.
As we've pointed out before, there are many other ways to monitor your credit for free. Sonic’s offer isn't something you can't already get on your own. Paid services like Lifelock provide additional monitoring (some even track your data on the dark web), while free options like WalletHub or CreditKarma will keep you updated on your credit report and alert you if anything unusual appears.
If you haven't done so yet, consider placing a credit freeze or fraud alert on your file with the three major credit bureaus. It’s also a good reminder to regularly review your credit card and bank statements. Many banks offer transaction alerts for purchases above a certain threshold.
Why does this keep happening? Krebs points out that a key reason hackers continue to steal information is that many financial institutions still rely on magnetic stripe cards and have yet to adopt more secure chip-based cards. He also suggests that other restaurants could be affected, but these locations have not yet been confirmed.
