Twelve days after acknowledging that someone attempted to breach its system, Sally Beauty Supply confirmed this week that an attacker was able to penetrate the company and make off with fewer than 25,000 records of its customers’ sensitive banking information.

The chain’s parent company Sally Beauty Holdings, Inc. posted a statement on its site Monday morning that it had detected an “unauthorized attempted intrusion” into its network back on March 5 and that it immediately recruited Verizon Enterprise Solutions to look into the incident.

Once engaged, Verizon discovered that “fewer than 25,000 records containing card-present (track 2) payment card data” had been accessed and possibly removed from the breached system. Track 2 data is the banking information most commonly parsed by ATMs and credit card checkers; it normally includes information about the user’s account and encrypted PIN.

The company confirmed in a FAQ that for this incident the stolen data includes customers’ names, credit or debit card numbers, and the three digit numbers on the back of cards known as the CVV. Sally Beauty claims it doesn’t store its customers’ PIN numbers, insisting that those shouldn’t be at risk and that the company doesn’t believe that customers’ social security numbers or dates of birth were breached either.

Sally Beauty Supplies, a Texas-based distributor of professional beauty supplies with around 2,700 locations in North America, cited an ongoing investigation when asked to comment on any specifics regarding the breach’s scope.

“As experience has shown in prior data security incidents at other companies, it is difficult to ascertain with certainty the scope of a data security breach/incident prior to the completion of a comprehensive forensic investigation.”

Until the investigation is wrapped up Sally Beauty Supply is asking customers to check their bank statements for fraudulent activity and remain vigilant of phishing attacks.

The confirmation follows a report from Krebs on Security’s Brian Krebs from earlier this month that hackers broke into Sally Beauty Supply’s system and stole as many as 282,000 cards from the retailer.

It was about two weeks ago that a handful of banks purchased some of those cards from the same fraud website that was also peddling cards stolen in the Target breach. The banks discovered the cards had been used at a Sally Beauty Supply store within 10 days prior, which tipped off the banks, and Krebs, who had been looking at the fraud site’s stolen data, to the connection.

Sally Beauty Supply photo via Brave New Films‘s Flickr photostream, Creative Commons

Categories: Data Breaches

Comments (2)

    • Brian Donohue
      2

      Betty,

      I can’t find an exact date. I read somewhere that Sally Beauty’s security systems detected an anomaly on February 25. If I were you, I would play it safe and replace the card out of an abundance of caution.

      -Brian

      Reply

Leave A Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>