Sonic Burger Breach Class Claims All Sent to Ohio Federal Court

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo

Drive-in burger chain Sonic Corp. will have to defend class claims combined in federal court in Ohio that allege its lax data security let hackers steal payment card and other consumer information.

Judge Sarah S. Vance, sitting on the Judicial Panel for Multidistrict Litigation, said in the panel’s order that the U.S. District Court for the Northern District of Ohio is a “centrally-located and easily accessible location” to hear the litigation involving five actions pending in the Districts of Nevada and Oregon, and the Western District of Oklahoma.

According to the plaintiffs, Sonic is the largest drive-in restaurant chain in the U.S., with more than 3,500 restaurants in 44 states. Sonic announced in September that its payment system had been breached, potentially compromising up to 5 million credit and debit cards.

Granting the motion to centralize the cases, Judge Vance said that the “factual overlap among these actions is substantial, as they all arise from the same data breach, and all allege that Sonic failed to put in place reasonable data protections.”

The multidistrict panel included also included judges Marjorie O. Rendell, R. David Proctor, Charles R. Breyer, and Catherine D. Perry.

Judge James S. Gwin of the Northern District of Ohio was assigned to handle pretrial proceedings for the consolidated litigation.

The case is In re Sonic Corp. Customer Data Sec. Breach Litig. , 2017 BL 436787, J.P.M.L., No. 2807, 12/6/17

To contact the reporter on this story: Jimmy H. Koo in Washington at

To contact the editor responsible for this story: Donald Aplin at

For More Information

Full text of the opinion is available at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security