Portland resident Michelle Vanderzanden sued fast food company Sonic in federal court on Wednesday night for allegedly failing to inform consumers that their credit card information has been compromised in a data breach.
She joins a co-plaintiff, James Carlson of Bellingham, Wash., in the class action lawsuit that asks for $2.3 billion in damages from the fast-food joint best known for its drive-in set up, rollerblading car hops and colorful slushes.
The lawsuit was filed yesterday in U.S. District Court in Portland.
It alleges that the company was aware that some customer information had been stolen, but neglected to notify those effected until the data was found being traded on the black market.
"Oregon law requires corporations to tell customers as soon as they learn their data has been hacked," says Michael Fuller, the lawyer representing Vanderzanden. "In this case it appears Sonic knew it was hacked but only came clean after its customers' data was found for sale on the dark web."
A Sonic spokesperson could not immediately be reached for comment.