Sonic Data Breach Class Action: Company Didn’t Safeguard Customer Info

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Another Sonic data breach class action lawsuit has been filed over a cybersecurity incident that allegedly resulted in the theft of consumers’ personally identifiable information, including credit and debit card numbers.

Plaintiff Meagan MacKay filed the Sonic class action lawsuit Monday in Arizona federal court, claiming the popular drive-in fast food restaurant failed to adequately safeguard its customers’ data and put them at risk of fraud and identity theft.

MacKay points to other recent data breaches, including those of Sonic competitors Wendy’s and Chipotle, to show that Sonic was aware of the risks and failed to take additional precautions to ensure the protection of customers’ financial data.

According to the data breach class action lawsuit, Sonic failed to “take adequate and reasonable measures to ensure its data systems were protected,” failed to disclose to consumers that its security practices and computer systems could not adequately protect consumer information, failed to prevent the breach, and failed to detect the Sonic data breach on a timely basis.

As a result, MacKay alleges, the personally identifiable information (PII) of Sonic customers is vulnerable to misuse by criminals. She says that she, and putative Class Members, are more likely to be harmed by the unauthorized use of their PII, the theft of their personal and financial information, costs associated with identity theft protection, costs associated with the unauthorized use of their financial accounts, time and money spent in effort to mitigate the situation, and other losses allegedly stemming from the Sonic data breach.

“The injuries to the Plaintiff and Class members were directly and proximately caused by Sonic’s failure to implement or maintain adequate data security measures for PII,” the Sonic class action lawsuit says.

According to the Sonic data breach class action lawsuit, MacKay is a regular customer at several Sonic restaurants and often pays with a debit card. On Sept. 20, 2017, her bank account was allegedly depleted when her debit card was used to make $69.29 in fraudulent charges.

When she reported the fraudulent charges to her bank, she was allegedly informed that her information was compromised in the Sonic data breach. Although the money was returned to her, she says she was unable to access and use the funds in her account while the bank investigated the fraud.

MacKay says that she has spent approximately 10 hours working with her bank to resolve the fraudulent charges and checking her account statements frequently for signs of other fraudulent activity.

The Sonic data breach was filed on behalf of MacKay and a proposed Class of Arizona residents whose PII was compromised in the Sonic data breach.

MacKay is seeking statutory damages, reimbursement of out-of-pocket losses and other compensatory damages, credit monitoring and identity theft insurance, an order requiring Sonic to improve its data security measures, and other injunctive relief.

Sonic was hit with the first data breach class action lawsuit in Oregon federal court just days after the data breach was disclosed in late September.

MacKay is represented by Hart L. Robinovitch of Zimmerman Reed LLP.

The Sonic Data Breach Class Action Lawsuit is Meagan MacKay v. Sonic Corp., et al., Case No. 2:17-cv-04166-DJH, in the U.S. District Court for the District of Arizona.

UPDATE: On Oct. 10, 2018, Sonic agreed to pay $4.3 million to exit multiple class action lawsuits alleging the fast food company failed to properly protect customer data that was exposed in a data breach.

UPDATE 2: January 2019, the Sonic data breach class action settlement is now open. Click here to file a claim.

UPDATE 3: On Nov. 14, 2019, Top Class Actions viewers started receiving checks in the mail worth $129.76 from the Sonic data breach settlement. Congratulations to everyone who filed a valid claim and got PAID!