So, This is How You SONIC?

Almost every day we read or hear about another company that failed to follow basic security principles, resulting in a hack and consumers having their credit and personal information floating around the ‘Dark Web’. Well, today was no different – fast-food company SONIC was the latest security slacker to get hit. It seems that ‘Joker’s Stash’, a group on the infamous Dark Web, is attempting to sell credit card information of 5 million people, and SONIC customers make up a portion of those.

Ordinarily this would be another ho-hum event, but the timing couldn’t be worse given the recent Equifax hack – SONIC may take a collateral hit from the blow-back. It would appear that politicians are getting fed up with all the hacking and may introduce the Freedom from Equifax Exploitation Act or ‘FREE Act’ to take credit reporting agencies to task. According to Elizabeth Warren, a co-sponsor of the bill:

The FREE Act allows every consumer to freeze and unfreeze their credit file for free. A freeze is like a “Do Not Call” list for your credit information. When your file is frozen, no one can access your data, and the credit reporting agency can’t sell it either. It’s partially about security—if your file is frozen, hackers who might have stolen your personal information can’t open credit cards or take out loans in your name.

Second, our bill requires any credit-reporting agency to fully and automatically refund your money if it charged you for a credit freeze after the Equifax breach. No one in the industry should profit from this hack.

Third, the legislation gives consumers access to a free credit report if they request a credit freeze, in addition to the free credit report that every American is entitled to every year.

Finally, the bill gives consumers whose personal data has been compromised access to fraud alerts. Fraud alerts are red flags in your credit report to alert whoever is looking at it that they should carefully verify your identity.

In addition, other legislation is being proposed to impose stiff fines on companies that are asleep at the security wheel.

Just another reason that CSOs and CIOs need to-






  • AnDrewiD

    As much as we may think or want to believe BlackBerry can secure everything, they can’t. They secure corporate communications and such. There is no security (from BlackBerry or anyone else) against corporate stupidity and slackery. We might have to return to using cash only or shekel again.

    • Robert Friedman


      Or go back to using clamshell phones!

  • BlueTroll

    Taking a quick read on the proposed legislation, it sounds like the usual political approach of using a cannon to kill a fly. Starving the credit bureau of revenue won’t make things better. I don’t know about what happens in the US, but in Canada you can place a block on new lending where the credit bureau has to call you first before your credit info is given out (i.e., before any new lending can be approved). I would think that would be the least disruptive to the credit bureau’s business, provide excellent protection to the individual, and give the best opportunity for catching people who are using a stolen identity to commit fraud.

    • Robert Friedman

      We could learn a lesson from that, BT.
      Unfortunately, the credit agencies here make money from selling your data, so it may be a tough road.