Sally Beauty investigates breach, no evidence of stolen payment cards

Share this article:

A weeks-old attempted intrusion is still being investigated, but Texas-based Sally Beauty has no evidence to suggest that 282,000 payment cards found in an online underground crime market were pilfered from the worldwide beauty supplies retailer – despite reports that suggest otherwise.

“We have no evidence that payment card or consumer data was taken,” Karen Fugate, a Sally Beauty spokeswoman, told SCMagazine.com on Wednesday.

Technology journalist Brian Krebs reported on Wednesday that 282,000 credit and debit cards – which were posted for sale on a popular online underground crime market on March 2 – had been purloined from Sally Beauty. Krebs wrote that three different banks purchased cards from the cache and determined that purchases made in Sally Beauty stores was the common point of compromise.

“This article only implies that 15 cards were [used at] Sally Beauty,” Fugate said.

A couple of weeks ago, a Tripwire system used by Sally Beauty detected an attempted intrusion, Fugate said, explaining Sally Beauty quickly shut down systems at the time and investigated the situation.

Sally Beauty enlisted the services of Verizon Enterprise Solutions to investigate the incident and the issue was fixed before any problems could arise, Fugate said, adding that while an investigation is still ongoing, business operations are running normally.

In a Wednesday statement emailed to SCMagazine.com, Dwayne Melancon, chief technology officer with Tripwire, said that establishing a system to continuously monitor the IT networks helped Sally Beauty prevent a breach from occurring.

“An interesting aspect of this incident is that the company shut off external communications once they received the alert that something was wrong,” Melancon said. “It seems that many organizations that suffer a breach are inclined to leave their systems up and running, rather than contain their losses by turning off services which, in some situations, could be a better response.”

U.S. retailer breaches involving large amounts of payment card data have been on the rise in the past few months. Target and Neiman Marcus are among companies that have confirmed breaches, but others, including Michaels and Sears, have only said that investigations of possible breaches are ongoing.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ShellShock vulnerability exploited in SMTP servers

Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.