Sally Beauty confirms malware on POS systems
Free identity protection and credit monitoring services are being offered to anyone who used a payment card at a U.S. Sally Beauty store during the affected period.
After confirming earlier this month that an illegal intrusion into its payment card systems had occurred, Texas-based international beauty supplies retailer Sally Beauty announced on Thursday that malware was deployed on some of its point-of-sale (POS) systems at varying times between March 6 and April 17.
As a result, payment card information is potentially at risk, including names, credit and debit card numbers, expiration dates, cardholder verification values, and service codes, a Thursday release indicated. PIN data is not stored by Sally Beauty and is not believed to be affected.
“We have taken aggressive steps to respond to this incident and have eliminated the malware from all Sally Beauty point-of-sale systems,” according to a FAQ, which added that anyone who used a payment card in a U.S. Sally Beauty store during the affected time period is being offered free identity protection and credit monitoring services.
Sally Beauty began investigating the incident in late April, not long after receiving reports of unusual card activity involving payment cards used in some of its U.S. stores.
Due to an ongoing investigation, Sally Beauty could not say if the breach is connected to a similar 2014 incident in which the company announced that fewer than 25,000 records containing payment card data were illegally accessed by intruders and may have been removed.
In a statement emailed to SCMagazine.com on Friday, Brad Cyprus, chief of security and compliance at Netsurion, said the confirmation that malware was used is not surprising and illustrates that attackers are not using new attack methods.
“There are solutions to prevent malware attacks, and they include retailers always taking steps to protect a location's incoming internet traffic, implementing secure remote access, keeping anti-malware software up-to-date, updating the POS as security patches are released, and limiting outbound internet traffic to decrease their chances of becoming the next headline.”