It’s a day of the week ending in “y,” which can only mean one thing: Another national company’s payment system has been compromised. This time, it’s the Sonic Drive-In fast food chain, where potentially millions of credit card numbers may have been stolen.

KrebsOnSecurity.com confirmed the breach with Sonic earlier today, after recently coming across a for-sale stash of around 5 million stolen credit card numbers. According to Krebs, a common link for some of these purloined credit card numbers was that they had recently been used to make purchases at Sonic.

It’s not clear yet whether all 5 million cards for sale in that batch were stolen from the same source, or if they were taken from multiple sources.

When reached for comment by Consumerist, Sonic provided a statement identical to the one it initially gave to Krebs, saying that it learned last week from its credit card processor that there was “unusual activity” tied to cards that had been used at the fast food chain.

“We are working to understand the nature and scope of this issue, as we know how important this is to our guests,” reads the statement. “We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.