Sonic Data Breach Financial Institutions Settlement

Capital One Settlement Over Data Breach

The owners of Sonic restaurants have agreed to resolve claims from financial institutions by paying up to $5.73 million. According to the claims, a 2017 data breach forced financial institutions to issue new payment cards to their customers. A third-party cyberattack targeted the point-of-sale systems of Sonic Drive-Ins after which alerts were sent out by MasterCard, Visa, or Discover. Class members constitute clients of Redstone Federal Credit Union, American Airlines Federal Credit Union, and Arkansas Federal Credit Union who were issued a new payment card in the aftermath of the Sonic Corp. data breach that took place between 7th April and 28th October 2017.

Settlement Website:
Exclusion Deadline: 09/07/2022
Claim Form:
Deadline For Submitting Claim Form: 09/07/2022
Final Hearing Date: 10/06/2022
Settlement Amount: $5.73 million
Potential Claim Amount: Not yet decided
Proof Of Purchase: Information on the payment account numbers

Sonic is a chain of drive-in fast-food restaurants spread around more than 3500 locations in the United States. The company underwent a data breach because of which financial institutions had to reissue new payment cards. Plaintiffs alleged that hackers attacked point-of-sale systems with inadequate security precautions between 7th April 2017 and 28th October 2017 at certain Sonic drive-in restaurants. This enabled the hackers to steal confidential payment card data every time the customers used their debit or credit cards. Though Sonic Defendants deny any wrongdoing or negligence and assert that they had adequate safeguards in place, they have agreed to honor the class action claim to prevent prolonged litigation.

The consumers from Arkansas Federal Credit Union, American Airlines Federal Credit Union and Redstone Federal Credit Union whose cards were impacted by the data breach are eligible to receive one of the two compensations:

  • Reissuance payment of $1 for each payment card issued following the Sonic data breach.
  • Fraud payment of $1.50 for each payment card that experienced fraud within the four-week window after being placed on alert following the data breach.

Consumers will not receive both payments for the same card. Out of the $5.73 million settlement, $2.2 million will be used for paying attorney fees and other costs, up to $30000 will be used to pay service awards to class representatives and $500000 will go into covering the costs of settlement administration. The remaining $3 million will be utilized in honoring the valid claims of class members. Once a class member excludes themself from the settlement, they won’t be eligible to get any money from the Sonic Corp. consumer data breach class action settlement.