Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Update:
- A federal judge in Ohio approved a $5.7 million settlement agreement made by Sonic Corp. to resolve claims revolving around a 2017 data breach.
- Sonic reached the class action settlement with financial institutions that argued it was negligent and bore responsibility for the data breach by allegedly failing to implement adequate data security measures at its restaurant.
- The data breach compromised the credit and debit card information of millions of customers.
- Sonic previously agreed to pay $4.3 million in a settlement made with consumers in 2018 to resolve claims related to the data breach.
Sonic data breach class action overview:
- Who: Fast-food chain Sonic is facing legal action filed by American Airlines Federal Credit Union, Redstone Federal Credit Union and Arkansas Federal Credit Union.
- What: The financial institutions allege that the drive-in eatery was negligent with consumer payments, including credit and debit card information exposed in a 2017 Sonic data breach.
- When: The consolidated class actions are pending in Ohio federal court.
(09/10/2021)
Fast-food chain Sonic must face trial after a data breach forced major financial institutions to issue new customer credit cards and reimburse funds stolen by hackers.
U.S. District Judge James S. Gwin ruled against Sonic this week, after the company had filed for an early judgement in a class action lawsuit filed by the banks.
The drive-in eatery argued that banks did not have enough proof the hack was Sonic’s fault; however, Judge Gwin ruled Sonic’s “affirmative acts created a risk of harm, and Sonic knew or should have known that the risk of hacking made its flawed security practices unreasonably dangerous.”
Sonic Drive-In data breach class action lodged by banks
American Airlines Federal Credit Union, Redstone Federal Credit Union and Arkansas Federal Credit Union brought a class action against Sonic after the fast-food company reached a $4.3 million settlement with consumers following the 2017 data breach.
In the breach, hackers accessed unencrypted credit card data from Sonic’s cash register software provider Infor. The breach was undetected for six months.
The three credit card companies, which hope to represent thousands of others, said in their class action that Sonic would have avoided the hack if it had been in compliance with its own security protocols.
A federal judge agreed with the financial institutions that Sonic did multiple things to expose the credit unions to a “high degree of risk” including leaving Infor’s remote access permanently enabled without blocking foreign IP addresses, and by creating a weak access password for the VPN which did not require multi factor authentication.
According to Judge Gwin, the chain also committed the two “affirmative acts” of using software that did not require end-to-end encryption and operating old and out of data software systems in its more than 700 franchises.
Have you eaten at a Sonic franchise before? Let us know if this data breach affected you in the comments section!
The financial institutions are represented by Brian C. Gudmundson and Michael J. Laird of Zimmerman Reed LLP; Charles H. Van Horn, Katherine M. Silverman and Lauren S. Frisch of Berman Fink Van Horn PC; Joseph P Guglielmo, Erin Green Comite and Margaret Ferron of Scott and Scott Attorneys at Law LLP; Karen Sharp Halbert and William R. Olson of Roberts Law Firm PA; and Arthur M. Murray, Stephen B. Murray Sr. and Caroline Thomas White of Murray Law Firm.
The Sonic data breach MDL is In Re: Sonic Corp. Customer Data Breach Litigation, Case No. 1:17-md-02807, in the U.S. District Court for the Northern District of Ohio.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
- McDonald’s Workers Ink Settlement After Being Told to Mask with Doggy Diapers, Coffee Filters
- McDonald’s Can’t Dodge $500M Sexual Harassment Lawsuit, Judge Rules
- Judge Certifies Class Action Lawsuit Alleging Kind Falsely Advertised ‘Natural’ Nut, Granola Products
- DuPage Medical Group was Negligent With Patient Information in Data Breach, Class Action Alleges
68 thoughts on$5.7M Sonic settlement over data breach gets final approval
Please update me on this suit if any submissions are accepted.