Sonic Corp. has reached a $4.3 million deal to settle claims with customers whose credit and debit card information was exposed in a 2017 data breach.

The drive-in burger chain allegedly failed to take adequate security measures to prevent a third-party cyberattack on its payment system at 325 of its locations. The malware attack exposed the credit and debit card information of customers who made purchases at the locations between April 7, 2017 and Oct. 28, 2017, according to the...