Sonic hit by $5 million suit over 2017 data breach

The drive-in fast food chain Sonic is being sued by the American Airlines Federal Credit Union for $5 million in an attempt to recoup money the credit union lost due to Sonic’s data breach in 2017.

American Airlines Federal Credit Union said because of the attack it incurred losses by having to cancel or reissue cards, close accounts, block transactions, refund affected customers and increase fraud monitoring efforts, according to In the suit the credit union also claims Sonic did not properly protect its POS system from cyberattack enabling malicious actors to insert the payment card info stealing malware.

This new case comes just after the burger chain settled a separate class- action lawsuit for $4.3 million brought by two customers affected by the breach. Each person participating in that suit will receive between $10 and $40, said NewsOK.

The case is being brought in Western District of Oklahoma and the plaintiffs have asked the court for the case to be labeled as a class action so other financial institutions can join.

In September 2017 Sonic was hit with a point-of-sale (POS) breach that led to customer payment card information being sold on a dark web market. A Sonic spokesperson told SC Media at the time of the attack that the company was notified by its credit card processor that there was unusual activity involving cards used at Sonic restaurants.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.