Sonic: Difference between revisions
mNo edit summary |
m →Malware attack (2017): typos |
||
| (One intermediate revision by one other user not shown) | |||
| Line 1: | Line 1: | ||
{{Incomplete}} | {{Incomplete}} | ||
{{CompanyCargo | {{CompanyCargo | ||
|Founded=1953 | |Founded=18 June 1953 | ||
|Industry=Food | |Industry=Food | ||
|Logo=Sonic | |Logo=Sonic logo.png | ||
|ParentCompany=Inspire Brands | |ParentCompany=Inspire Brands | ||
|Type=Subsidiary | |Type=Subsidiary | ||
| Line 9: | Line 9: | ||
|Description= | |Description= | ||
}} | }} | ||
==Consumer | '''{{Wplink|Sonic Drive-In|Sonic}}''' is a fast food company founded in 1953. | ||
==Consumer impact summary== | |||
{{Ph-C-CIS}} | {{Ph-C-CIS}} | ||
| Line 22: | Line 23: | ||
On September 16, KrebonSecurity disclosed that Sonic suffered a data breach on its Point of sales systems, exposing an estimate 5 millions of customers financial information are being sold on a website called Joker’s Stash.<ref>{{Cite web |date=26 September 2017 |title=Breach at Sonic Drive-In May Have Impacted Millions of Credit, Debit Cards |url=https://krebsonsecurity.com/2017/09/breach-at-sonic-drive-in-may-have-impacted-millions-of-credit-debit-cards/ |url-status=live |archive-url=https://web.archive.org/web/20180211195243/https://krebsonsecurity.com/2017/09/breach-at-sonic-drive-in-may-have-impacted-millions-of-credit-debit-cards/ |archive-date=11 February 2018 |access-date=16 March 2026 |website=KrebsOnSecurity}}</ref> A few days later, the blog got traction on social media, with major new outlets covering the leak.<ref>{{Cite web |date=28 September 2017 |title=Data breach at Sonic restaurants could affect millions of customers |url=https://www.youtube.com/watch?v=Uu7mZYYWM8c |url-status=live |access-date=16 March 2026 |website=Youtube}}</ref> The company issued a public response on its website on October 4, acknowledging the breach and offering affected customers 24 months fraud protection until December 24, 2017.<ref>{{Cite web |date=4 October 2017 |title=SONIC Drive-In: Notice of Payment Card Breach |url=https://ir.sonicdrivein.com/releasedetail.cfm?releaseid=1042818 |url-status=dead |archive-url=https://web.archive.org/web/20171015010107/https://ir.sonicdrivein.com/releasedetail.cfm?releaseid=1042818 |archive-date=15 October 2017 |access-date=16 March 2026 |website=Sonic Drive In}}</ref> | On September 16, KrebonSecurity disclosed that Sonic suffered a data breach on its Point of sales systems, exposing an estimate 5 millions of customers financial information are being sold on a website called Joker’s Stash.<ref>{{Cite web |date=26 September 2017 |title=Breach at Sonic Drive-In May Have Impacted Millions of Credit, Debit Cards |url=https://krebsonsecurity.com/2017/09/breach-at-sonic-drive-in-may-have-impacted-millions-of-credit-debit-cards/ |url-status=live |archive-url=https://web.archive.org/web/20180211195243/https://krebsonsecurity.com/2017/09/breach-at-sonic-drive-in-may-have-impacted-millions-of-credit-debit-cards/ |archive-date=11 February 2018 |access-date=16 March 2026 |website=KrebsOnSecurity}}</ref> A few days later, the blog got traction on social media, with major new outlets covering the leak.<ref>{{Cite web |date=28 September 2017 |title=Data breach at Sonic restaurants could affect millions of customers |url=https://www.youtube.com/watch?v=Uu7mZYYWM8c |url-status=live |access-date=16 March 2026 |website=Youtube}}</ref> The company issued a public response on its website on October 4, acknowledging the breach and offering affected customers 24 months fraud protection until December 24, 2017.<ref>{{Cite web |date=4 October 2017 |title=SONIC Drive-In: Notice of Payment Card Breach |url=https://ir.sonicdrivein.com/releasedetail.cfm?releaseid=1042818 |url-status=dead |archive-url=https://web.archive.org/web/20171015010107/https://ir.sonicdrivein.com/releasedetail.cfm?releaseid=1042818 |archive-date=15 October 2017 |access-date=16 March 2026 |website=Sonic Drive In}}</ref> | ||
The company faced 12 lawsuits from customers because of this incident, alleging the company's failure to implement up to date security practices and disclosing the incidents to customers.<ref>{{Cite web |date=12 February 2018 |title=IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF OHIO EASTERN DIVISION AT CLEVELAND |url=https://www.ohnd.uscourts.gov/sites/ohnd/files/2807-26.pdf |url-status=live |archive-url=https://web.archive.org/web/20201020020507/https://www.ohnd.uscourts.gov/sites/ohnd/files/2807-26.pdf |archive-date=20 October 2020 |access-date=16 March 2026 |website=ohnd.uscourts.gov}}</ref><ref>{{Cite web |last=Rizzi |first=Corrado |date=29 September 2017 |title=Sonic Hit with Class Action Almost Immediately After Data Breach Announcement |url=https://www.classaction.org/news/sonic-hit-with-class-action-almost-immediately-after-data-breach-announcement |url-status=live |access-date=16 March 2026 |website=ClassAction}}</ref><ref>{{Cite web |last=Shaak |first=Erin |date=15 November 2017 |title=Sonic Facing Another Class Action in the Wake of Data Breach |url=https://www.classaction.org/news/sonic-facing-another-class-action-in-the-wake-of-data-breach |url-status=live |access-date=16 March 2026 |website=ClassAction}}</ref><ref>{{Cite web |last=Shaak |first=Erin |date=5 October 2017 |title=Sonic Corp. Facing Third Lawsuit Over Recent Data Breach |url=https://www.classaction.org/news/sonic-corp-facing-third-lawsuit-over-recent-data-breach |url-status=live |access-date=16 March 2026 |website=ClassAction}}</ref><ref>{{Cite web |last=Shaak |first=Erin |date=19 December 2017 |title=Sonic Data Breach Sparks Another Class Action |url=https://www.classaction.org/news/sonic-data-breach-sparks-another-class-action |url-status=live |access-date=16 March 2026 |website=ClassAction}}</ref> On October 2018, a $4.3 million settlement was reached.<ref>{{Cite web |last=Spicer |first=Christina |date=15 October 2018 |title=$4.3M Sonic Data Breach Class Action Settlement Reached |url=https://topclassactions.com/lawsuit-settlements/lawsuit-news/4-3m-sonic-data-breach-class-action-settlement-reached/ |url-status=live |access-date=16 March 2026 |website=Top Class Action}}</ref> In May 2022, a $5.4 settlement was reached, requiring | The company faced 12 lawsuits from customers because of this incident, alleging the company's failure to implement up to date security practices and disclosing the incidents to customers.<ref>{{Cite web |date=12 February 2018 |title=IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF OHIO EASTERN DIVISION AT CLEVELAND |url=https://www.ohnd.uscourts.gov/sites/ohnd/files/2807-26.pdf |url-status=live |archive-url=https://web.archive.org/web/20201020020507/https://www.ohnd.uscourts.gov/sites/ohnd/files/2807-26.pdf |archive-date=20 October 2020 |access-date=16 March 2026 |website=ohnd.uscourts.gov}}</ref><ref>{{Cite web |last=Rizzi |first=Corrado |date=29 September 2017 |title=Sonic Hit with Class Action Almost Immediately After Data Breach Announcement |url=https://www.classaction.org/news/sonic-hit-with-class-action-almost-immediately-after-data-breach-announcement |url-status=live |access-date=16 March 2026 |website=ClassAction}}</ref><ref>{{Cite web |last=Shaak |first=Erin |date=15 November 2017 |title=Sonic Facing Another Class Action in the Wake of Data Breach |url=https://www.classaction.org/news/sonic-facing-another-class-action-in-the-wake-of-data-breach |url-status=live |access-date=16 March 2026 |website=ClassAction}}</ref><ref>{{Cite web |last=Shaak |first=Erin |date=5 October 2017 |title=Sonic Corp. Facing Third Lawsuit Over Recent Data Breach |url=https://www.classaction.org/news/sonic-corp-facing-third-lawsuit-over-recent-data-breach |url-status=live |access-date=16 March 2026 |website=ClassAction}}</ref><ref>{{Cite web |last=Shaak |first=Erin |date=19 December 2017 |title=Sonic Data Breach Sparks Another Class Action |url=https://www.classaction.org/news/sonic-data-breach-sparks-another-class-action |url-status=live |access-date=16 March 2026 |website=ClassAction}}</ref> On October 2018, a $4.3 million settlement was reached.<ref>{{Cite web |last=Spicer |first=Christina |date=15 October 2018 |title=$4.3M Sonic Data Breach Class Action Settlement Reached |url=https://topclassactions.com/lawsuit-settlements/lawsuit-news/4-3m-sonic-data-breach-class-action-settlement-reached/ |url-status=live |access-date=16 March 2026 |website=Top Class Action}}</ref> In May 2022, a $5.4 settlement was reached, requiring Sonic pay $3 million to reimburse financial institutions, and $1 or $1.50 for each payment card reissued or involved.<ref>{{Cite web |last=Heisig |first=Eric |date=7 October 2022 |title=Judge Signals Approval For Sonic's Data Breach Settlement |url=https://www.bfvlaw.com/wp-content/uploads/2022/10/Judge-Signals-Approval-For-Sonics-Data-Breach-Settlement-Law360.pdf |url-status=live |access-date=16 March 2026 |website=Law360}}</ref> [[File:Plaintiff messages in Sonic 2020 lawsuit.png|thumb|Plaintiff messages in Sonic 2020 lawsuit.]] | ||
million to reimburse financial institutions, and $1 or $1.50 for each payment card reissued or involved.<ref>{{Cite web |last=Heisig |first=Eric |date=7 October 2022 |title=Judge Signals Approval For Sonic's Data Breach Settlement |url=https://www.bfvlaw.com/wp-content/uploads/2022/10/Judge-Signals-Approval-For-Sonics-Data-Breach-Settlement-Law360.pdf |url-status=live |access-date=16 March 2026 |website=Law360}}</ref>[[File:Plaintiff messages in Sonic 2020 lawsuit.png|thumb|Plaintiff messages in Sonic 2020 lawsuit.]] | |||
===Sonic Spam Messages=== | ===Sonic Spam Messages=== | ||