[BreachExchange] Sonic settlement approved in 2017 fast food data breach

Destry Winant destry at riskbasedsecurity.com
Wed Aug 14 10:24:46 EDT 2019


The U.S. District Court in Cleveland approved a $4.3 million final
settlement in connection with a 2017 data breach of Sonic Corp. fast
food restaurants, although it slightly reduced the amount of attorneys
fees requested.

Oklahoma City-based Sonic, which was acquired by Atlanta-based Inspire
Brands Inc. last year, estimates there are about 1.5 million
settlement class members, according to Monday’s District Court filing
in In Re: Sonic Corp. Customer Data Security Breach.

The settlement class includes those who used a debit or credit card
purchase at one of 325 involved Sonic Drive-In locations between April
7, 2017 and Oct. 28, 2017.

Some class representatives alleged they had experienced unauthorized
charges to their payment cards because of the breach, although each
received complete reimbursement from their banks.

They also alleged they spent time dealing with issues related to their
compromised credit or debit cards, and most continued to spend time
checking their accounts, according to the filing.

The court did decrease the requested legal fees to $1.3 million from
$1.4 million.

It cited as a factor lead counsel Oklahoma City-based Federman &
Sherwood’s average billing rate of $553 an hour, when attorneys fees
surveys indicate Oklahoma City-based attorneys handling class actions
had a median billing rate of $300 an hour in 2016.

A Sonic spokesman and attorneys in the case could not immediately be
reached for comment.

Experts say Capital One Financial Corp.’s massive data breach could
have a ripple effect throughout the cyber liability insurance

More information about the BreachExchange mailing list