If you’ve visited a Sonic fast food restaurant lately, you might want to check your bank statement.

According to reports, as many as five million customers may have been affected by a data breach. The breach reportedly allowed credit and debit card information to be stolen and sold on websites operated by cyber criminals.

The Wall Street Journal says Sonic’s credit card processor notified the company last week of “unusual activity” on cars that have been used at Sonic locations.

The fast food company released a statement, saying:

“The security of our guests’ information is very important to SONIC. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”

Sonic has around 3,500 restaurants in 44 states. At this point, they don’t know which restaurants have been affected or how many customers.

The data breach come on the heels of one from Equifax that affected 143,000 American consumers.