Data Breach Lawsuit Against Sonic Will Proceed

Sep 9, 2021 12:00 am Cyber Security 206

Data Breach Lawsuit Against Sonic Will Proceed

Litigation filed against American fast-food chain Sonic over a 2017 data breach has been allowed to proceed.





Financial institutions brought a lawsuit against Sonic Corp after it emerged that financial data belonging to customers of the restaurant had been stolen in a cyber-attack. The attacker(s) installed malware on a point-of-sale system used at hundreds of Sonic franchises.





In a data breach notice issued at the time of the attack, Sonic stated: “Sonic Drive-In has discovered that credit and debit card numbers may have been acquired without authorization as part of a malware attack experienced at certain Sonic Drive-In locations.”





Sonic is based in Oklahoma City and has nearly 3,600 locations across 45 US states. An investigation into the attack found that customers’ payment card data had been exposed at more than 700 Sonic franchised drive-in locations. 





Under Sonic’s franchise agreement, the franchisees were required to give Sonic access to their transaction data through a Sonic-managed virtual private network (VPN). Hackers accessed this data using VPN credentials issued to a transaction-processing service by Sonic. 





Sonic has argued that the plaintiffs can’t prove that it was guilty of “affirmative acts” that exposed its customers to an “unreasonably high risk of harm.” According to the restaurant chain, any blame for the breach lies with the point-of-sale vendor that it employed, Infor Restaurants Services Inc. 





On Tuesday in Cleveland, Ohio, U ..

Support the originator by clicking the read the rest link below.

breach lawsuit against sonic proceed
Read The Rest from the original source
infosecurity-magazine.com

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!