Credit unions should take note of a recently disclosed data breach at Sonic Drive-In, which may have led to some five million credit and debit cards being exposed. The fast-food chain has 3,600 locations across 45 states.
KrebsOnSecurity reported the breach this afternoon.
"American consumers deserve better from the companies they've entrusted with their financial information," said NAFCU President and CEO Dan Berger. "Our country should already have a national data security standard in place for retailers and merchants, but we don't and it's extremely frustrating. How many more data breaches do consumers need to suffer before these companies are held accountable?"
Brian Krebs, author of KrebsOnSecurity, said he was alerted to the breach by several financial institution representatives who began noticing a pattern of fraudulent transactions on cards that had all been used at the eatery. Sonic Drive-in confirmed that it was investigating a "potential incident."
This comes on the heels of the recent data breach at Equifax that revealed personal information of 143 million consumers.
NAFCU continues to push for Congress to pass a strong national data security standard for retailers that would hold them to the same standards credit unions already follow under the Gramm-Leach-Bliley Act. Credit union representatives can reach out to their members of Congress and urge them to support such a measure through NAFCU’s Grassroots Action Center.