Drive-in chain Sonic says payment cards possibly hacked

(Reuters) – U.S. fast-food chain operator Sonic Corp <SONC.O> said on Wednesday a malware attack at some of its drive-in outlets may have allowed hackers to access customers’ debit and credit card information, the latest in a string of data breaches.

Sonic’s shares fell 2 percent to $24.73 in afternoon trading.

The drive-in chain, which operates across 45 U.S. states, did not disclose how many store payment systems have been affected.

Cybersecurity blog KrebsOnSecurity first reported the news last week and added that the activity may have led to millions of stolen credit and debit card numbers being sold in underground exchanges. (

In wake of the breach, Sonic said it would offer affected customers free identity theft protection.

Upscale grocer Whole Foods, which Amazon <AMZN.O> recently purchased for $13.7 billion, said last week that payment card information had been stolen from taprooms, restaurants and other venues located within some of its stores.

Credit reporting firm Equifax Inc <EFX.N> had disclosed last month that personal details of up to 143 million U.S. consumers were accessed by hackers between mid-May and July, in one of the largest data breaches in the country.

(Reporting by Ahmed Farhatha and Vibhuti Sharma in Bengaluru; Editing by Martina D’Couto)