Sonic Drive-In customers across the tri-state may have had their credit and debit card information stolen in a recent data breach at the fast food chain, according to reports.
Security news website KrebsOnSecurity reported that a breach in the restaurant’s payment system could have impacted as many as five million people.
Sonic has over 3,500 restaurants across the U.S., including 17 in New Jersey, 15 in New York and four in Connecticut.
KrebsOnSecurity said the first signs of the breach came last week, after a number of fraudulent transactions were found on cards that had all been previously used at an Oklahoma City-based Sonic.
Millions of cards were also put up for sale in “underground cybercrime stores,” according to KrebsOnSecurity. Some of those cards had also been previously used at Sonic, the site said.
KrebsOnSecurity reported that upon request for comment, Sonic confirmed that they were investigating a “potential incident” at some locations.
"The security of our guests' information is very important to Sonic. We are working to understand the nature and scope of this issue,” the company said in a statement to the security news site.