DALLAS–American Airlines FCU has filed a lawsuit against Sonic restaurants over a data breach. The suit seeks at least $5 million in damages, as well as class action status.
As CUToday.info reported here, in 2017 the company, which has more than 3,600 outlets nationally, confirmed it had been compromised. The breach was originally reported by KrebsOnSecurity.
In its suit, American Airlines Federal Credit Union alleges Sonic failed to protect its point of sale systems or update them with current technology, and as a result hackers were able to use malware to infiltrate the systems and steal cardholder information.
"At the time of the breach, nearly a quarter of Sonic’s restaurants used POS systems that were nearly thirty years old. Sonic implemented and utilized operating systems and programs that no longer received security updates, rendering them unable to effectively prevent data breaches," the lawsuit alleges.
Seeking to Recover Costs
As has been the case with other breaches, American Airlines FCU said it was forced to cancel and reissue cards, block transactions, refund affected members and increase fraud monitoring efforts. Those factors, along with a resulting decline in card usage by members in the wake of the breach, led to increases expenses and lost income for AARCU, it alleged.
The suit was filed in federal court in the Western District of Oklahoma. Sonic is headquartered in Oklahoma City.
The credit union’s lawsuit follows a settlement by Sonic in a separate lawsuit filed by customers of Sonic. In that suit the company agreed to pay as much as $4.3 million, with affected customers receiving between $10 and $40 each.