A drive-in fast food restaurant by Sonic Corp. is seen in San Diego, California, U.S. June 22, 2016. REUTERS/Mike Blake

(Reuters) - U.S. fast-food chain operator Sonic Corp SONC.O said on Wednesday a malware attack at some of its drive-in outlets may have allowed hackers to access customers' debit and credit card information, the latest in a string of data breaches.

Sonic’s shares fell 2 percent to $24.73 in afternoon trading.

The drive-in chain, which operates across 45 U.S. states, did not disclose how many store payment systems have been affected.

Cybersecurity blog KrebsOnSecurity first reported the news last week and added that the activity may have led to millions of stolen credit and debit card numbers being sold in underground exchanges. (bit.ly/2xve25F)

In wake of the breach, Sonic said it would offer affected customers free identity theft protection.

Upscale grocer Whole Foods, which Amazon AMZN.O recently purchased for $13.7 billion, said last week that payment card information had been stolen from taprooms, restaurants and other venues located within some of its stores.

Credit reporting firm Equifax Inc EFX.N had disclosed last month that personal details of up to 143 million U.S. consumers were accessed by hackers between mid-May and July, in one of the largest data breaches in the country.