What You Should Know About Sonic Credit Card Hack
Fast food chain Sonic released a statement yesterday admitting customers may have had their credit and debit card information stolen following a malware attack this year. We already know this workout, right?
Security expert and investigator Brian Krebs discovered the potential for hacking back in April when he discovered a shipment of stolen cards for sale on a stolen data forum . Krebs reported :
The accounts, apparently stolen from Sonic, are part of a pack of cards that the Joker Tyne calls “Firetigerrr,” and they are indexed by city, state, and zip code. This geographic focus allows potential buyers to only purchase cards that have been stolen from Sonic customers who live near them, avoiding general fraud protection whereby a financial institution could block out-of-state transactions from a known compromised card … the cards advertised in the Firetigerr batch are slightly higher than the cards stolen in other violations, probably because the batch is very fresh and has hardly been canceled by the card issuing banks yet.
Hackers break into retail outlets and use malware to copy account data onto the magnetic stripe of the card. With this information, thieves can create a fake card to buy expensive items “in electronics stores and large retail stores,” explains Krebs.
According to their statement, Sonic is offering free credit monitoring from Experian to any customer who has used the card in any of their locations this year. However, as Consumerist points out , “Experian’s monitoring service includes a forced arbitration clause in its Terms of Service , which means you cannot sue Experian if you have a legal dispute regarding the service.” (It’s also worth noting that, like Equifax, Experian’s Credit Monitoring URL is on a different domain than Experian.com, which could make it an easy target for phishing.)
Plus, as we told you earlier, there are many other ways to monitor your credit for free , so Sonic doesn’t offer what you can’t get yourself. Paid services like Lifelock offer a bit more monitoring (some of these services say they will look for your information on the dark web, for example), but free services like WalletHub or CreditKarma will show you regular updates to your credit report and will even warn you if something is wrong.
If you haven’t already, you can also block or warn of fraud on your loan file at each of the three bureaus. Of course, this is another reminder to check your credit card and bank statements regularly. Most banks also allow you to set up alerts for transactions exceeding a certain dollar limit.
So why is this going on? Krebs points out that one of the reasons it is so easy for hackers to steal information is because many financial institutions still use magnetic stripe cards and have yet to switch to more secure chip-based cards . He adds that there is a possibility that the maps used in other eateries may have been compromised as well, but the locations have yet to be confirmed.