Cybercriminals have been extremely active lately. Nearly 143 million Americans are still dealing with Equifax's data breach, which means you're most likely impacted. If so, click here to find out what you need to do with your Social Security number immediately.
Even though the Equifax breach was so substantial, we can't take our eye off the ball and stop paying attention to other attacks. We've just learned of a massive data breach at one of the country's most popular chain restaurants and your finances could be at risk.
Has your financial information been stolen?
We're talking about the popular fast-food chain, Sonic Drive-In. There are about 3,600 Sonic locations across 45 states in the U.S.
KrebsOnSecurity recently discovered about 5 million stolen credit and debit card numbers for sale on the Dark Web. A common thread with many of the stolen cards is they were recently used to make purchases at different Sonic locations. The company later confirmed that it had recently seen unusual security activity with its point-of-sale (POS) system.
The company told Krebs, "Our credit card processor informed us last week of unusual activity regarding credit cards used at SONIC. The security of our guests' information is very important to SONIC. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able."
At this time, the company does not know how many or which of its locations have been impacted by the breach. It's also unclear if other companies were part of the breach.
What you need to do following this breach
Anytime there is a massive data breach, there are steps that you need to take to make sure your information is secure. Now that we know millions of credit and debit card numbers have been exposed, take the following actions:
Keep an eye on your bank accounts
You should already be frequently checking your bank statements, looking for suspicious activity. It's even more critical when credit and debit card information has been exposed through a data breach. If you see anything that seems strange, report it immediately. It's the best way to keep your financial accounts safe.
Set up two-factor authentication
Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. This is an extra layer of security that will help keep your accounts safe. Click here to learn how to set up two-factor authentication.
Investigate your email address
This is a critical step and it will only take a few seconds of your time. You need to find out if your credentials are part of any recent data breach. The best way to find out if you're impacted is with the Have I Been Pwned website.
It's an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest breaches. You can even set up alerts to be notified if your email address is impacted in the future. Click here to find out if your email address has been compromised.
Change your password
Whenever you hear news of a data breach, it's a good idea to change your account passwords. This is especially true if you use the same credentials for multiple websites. If your credentials are stolen from a breach, criminals can test them on other sites to log into those accounts as well. Read this article to help you create hack-proof passwords.
Beware of phishing scams
Scammers will try and piggyback on data breaches like this. They will create phishing emails, pretending to be from the affected company, hoping to get victims to click on malicious links that could lead to more problems. You need to familiarize yourself with what phishing scams look like so you can avoid falling victim to one. Take our phishing IQ test to see if you can spot a fake email.