Sally Beauty changes tune, says customer data was accessed in breach

The chain now says fewer than 25,000 records were "illegally accessed."

After initially finding “no evidence” that customer card data was taken after a breach, Sally Beauty has now confirmed that fewer than 25,000 records containing card data were illegally accessed by intruders.

On Monday, the Texas-based beauty supplies retailer released a statement on its website updating the public on the “data incident.”

“At the time of this discovery, we immediately engaged a top-tier forensics firm (Verizon) to investigate this security incident,” the statement said. “As a result of this ongoing investigation, we have now discovered evidence that fewer than 25,000 records containing card-present (track 2) payment card data have been illegally accessed on our systems and we believe it may have been removed.”

In a Q&A section, the company said it believed that customer names, credit or debit card numbers, card expiration dates and CVV codes were impacted. It added that PIN data “should not be at risk,” as it does not collect that information.

Almost two weeks ago, Sally Beauty confirmed that it had detected an attempted intrusion on its systems, but that it had “no reason to believe there [had] been any loss of credit card or consumer data.” 

The response came the same day that security journalist Brian Krebs reported that 282,000 credit and debit cards – which were posted for sale on a popular online underground crime market on March 2 – had been purloined from Sally Beauty.

Krebs wrote that three different banks purchased cards from the cache and determined that purchases made in Sally Beauty stores were the common point of compromise. Through his investigations, he also concluded that the same group of attackers that carried out the massive card heist on Target during the holidays was likely behind the data theft hitting Sally Beauty.

In its Monday statement, Sally Beauty said that customers could check its website in the coming days to get updates on the investigation and steps it would take to assist affected customers.

Headquartered in Denton, Texas, Sally Beauty is a global company that sells and distributes professional beauty products throughout more than 4,600 stores in the United States, U.K., Canada, and other countries. In addition to working with Verizon on the data breach investigation, the company is also working with the U.S. Secret Service.
