Reuters reports Sonic's credit card processor told the company earlier this week of the activity. The report said SONIC has confirmed the breach and says its efforts are ongoing as it works to "understand the nature and scope of the issue".
The fast-food chain said they have gotten third-party forensic experts and law enforcement involved, and would share more information as they are able to within the limits of the law.
It's unclear if Sonic is the only common tie for card carriers or if this is the tip of the iceberg for a much larger issue.
The Oklahoma City drive-through chain says it looks like hackers gained access to millions of credit and debit card numbers.
Sonic has over 3,500 restaurants across the USA, including 17 in New Jersey, 15 in NY and four in CT.
Stock at Sonic dropped the most in almost two months after it disclosed the breach.
With 3,600 locations across the U.S., Sonic does not yet know how many restaurants or individuals have been affected.
Rubenstein says the security of customer information is "very important" to Sonic.
Dangers of breaches by hackers was thrust into the spotlight earlier this month after a credit reporting agency Equifax announced personal data of over 143 million people in the US had been exposed.