CBS Local — Customers of the fast food chain Sonic may be the victims of another credit card data breach being made public. According to reports, as many as five million customers could possibly have been affected by the breach.

The latest security breakdown reportedly allowed credit and debit card information to be stolen and sold on websites operated by cyber-criminals. Reporters for security news website KrebsOnSecurity say the accounts were, “peddled in shadowy underground cybercrime stores.” The disturbing report adds that millions of the stolen cards have been linked to a breach at Sonic Drive-In. The account numbers were tracked down to a credit card theft market called Joker’s Stash after they were posted in September.

Sonic has released a statement responding to the reported incident:

“The security of our guests’ information is very important to SONIC. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”

The invasion of privacy may have affected customers across that entire country as Sonic operates over 3,000 fast food drive-ins in 45 states. The data breach is the latest security bombshell to rock consumers. 143 million American consumers had their personal information exposed by a data breach at Equifax, one of the nation’s major credit reporting agencies.