Sally Beauty Investigating Second Data Breach

Sally Beauty is investigating a potential data breach for the second time in as many years, according to a Brian Krebs report.

Sally Beauty Supply, a seller of beauty products in the U.S., says it is investigating reports of fraudulent activities involving payment cards used at some of the chain’s retail locations. In March 2014, Sally Beauty admitted that hackers compromised its payment systems, exposing the sensitive payment information of some 25,000 customers.

The breach was first reported by Brian Krebs of Krebs on Security. Krebs claims that sources within the financial industry informed him last week that a number of malicious charges had popped up around the country and that Sally Beauty Supplies appeared to be the common thread among all the fraudulently used cards.

A Sally Beauty employee who wished to remain unnamed reportedly told Krebs that the company sent out an urgent alert to all employees, telling them to direct any breach-related customer questions to the company website or customer service desk. The employee said that he had seen a similar e-mail only once before, following the 2014 breach.

“Sally Beauty Holdings, Inc. is currently investigating reports of unusual activity involving payment cards used at some of our U.S. Sally Beauty stores,” the Denton, Texas retailer wrote in a press release. “Since learning of these reports, we have been working with law enforcement and our credit card processor and have launched a comprehensive investigation with the help of a leading third-party forensics expert to aggressively gather facts while working to ensure our customers are protected.”

The company went on to say that it has not yet determined the scope of the incident and, in fact, has not yet admitted that an attack actually occurred.

Krebs explains that the possibility exists that Sally Beauty could be the victim of a separate, broader breach of some point-of-sale vendor, such as Harbortouch. However, he notes that one source in the financial industry told him there is very little overlap between the Harbortouch and Sally Beauty incidents.

Sally Beauty Supply photo via Brave New Films’s Flickr photostream, Creative Commons

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.