A settlement has recently been reached with Sonic Drive-In in a class action lawsuit asserting claims against several Sonic entities relating to a data breach arising out of a third-party cyber attack in 2017 that targeted the point of sale systems of Sonic Drive-In locations in an effort to steal customer payment card information (the “Data Breach”). Sonic denies all of the claims in the lawsuit. The Settlement does not establish who is right, and is not an admission of fault, but rather reflects a compromise to end the lawsuit.
The Settlement includes all residents of the United States of America who made a purchase at any one of the 325 impacted Sonic Drive-In locations and paid using a credit or debit card from April 7, 2017 through October 28, 2017.
The Settlement provides payments to people who submit valid and timely claims attesting (i) that they made a purchase using a credit or debit card at one of the 325 impacted Sonic Drive-In locations during the Relevant Time Period (Category 1), or (ii) that they made a purchase using a credit or debit card at one of the 325 impacted Sonic Drive-In locations during the Relevant Time Period and that they experienced fraudulent or unauthorized charges on the credit or debit card used at the impacted location any time thereafter up through February 28, 2018 (Category 2).
Among the 325 impacted Sonic Drive-In locations, two of them were in the communities near Ponca City (Blackwell, OK and Winfield, KS locations).
Attached is a list of all locations across the U.S. that were affected.
sonic drive in locations affected during 2017 breach
