Sonic Settles Data Breach Negligence Case


Judge James Gwin has approved a class-action settlement between Sonic Corporation and a number of financial institutions. Sonic has agreed to pay $5.73 million to settle claims that their negligence led to a 2017 data breach, which compromised customers’ payment information. 

Court documents recount that in 2017, Sonic suffered a data breach which exposed customers’ payment data. Numerous suits ensued from affected individuals, which were then consolidated and settled. This case is unique in that the financial institutions themselves demanded recompense for the actions they had to take to protect their customers.

After months of negotiation mediated by Magistrate Judge Jonathan Greenberg, the parties agreed on the final number taking into account complexity of the case, chance of winning an award through a jury trial, and reasonable attorney’s fees.

In Judge Gwin’s order, he finds that the settlement amount is reasonable. It includes up to $2.2 million in attorney’s fees and expenses, a significant discount from class counsel’s lodestar calculation of $7.7 million. Furthermore, the settlement accounts for up to $500,000 in administration costs, and up to $30,000 in class-representative incentive awards, though the order caps the lead plaintiffs awards at $7,500, short of their request for $10,000. For reference, per their 2018 10-K form, Sonic drive-in locations made $4.5 billion in sales. 

Of the over 5,000 potential class members, none objected and only two opted out of receiving rewards.

This case took place in the Northern District of Ohio. Lead plaintiffs were represented by Zimmerman Reed, LLP; Berman Fink Van Horn, PC; Scott + Scott Attorneys at Law, LLP; Roberts Law Firm, PA; and Murray Law Firm.  Sonic was represented by Sheppard Mullin Richter & Hampton, LLP.