After initially finding “no evidence” that customer card data was taken in a breach, Sally Beauty has now confirmed that fewer than 25,000 records containing card data were illegally accessed by intruders.

On Monday, the Texas-based beauty supplies retailer released a statement on its website updating the public on the “data incident.”

“At the time of this discovery, we immediately engaged a top-tier forensics firm (Verizon) to investigate this security incident,” the statement said. “As a result of this ongoing investigation, we have now discovered evidence that fewer than 25,000 records containing card-present (track 2) payment card data have been illegally accessed on our systems and we believe it may have been removed.”

In a Q&A section, the company said it believed that customer names, credit or debit card numbers, card expiration dates and CVV codes were impacted. It added that PIN data “should not be at risk,” as it does not collect that information.

Almost two weeks ago, Sally Beauty confirmed that it had detected an attempted intrusion on its systems, but that it had “no reason to believe there [had] been any loss of credit card or consumer data.” 

The response came the same day that security journalist Brian Krebs reported that 282,000 credit and debit cards – which were posted for sale on a popular online underground crime market on March 2 – had been purloined from Sally Beauty.

Krebs wrote that three different banks purchased cards from the cache and determined that purchases made in Sally Beauty stores were the common point of compromise. Through his investigations, he also concluded that the same group of attackers that carried out the massive card heist on Target during the holidays was likely behind the data theft hitting Sally Beauty.

In its Monday statement, Sally Beauty said that customers could check its website in the coming days to get updates on the investigation and steps it would take to assist affected customers.

Headquartered in Denton, Texas, Sally Beauty is a global company that sells and distributes professional beauty products through more than 4,600 stores in the United States, U.K., Canada, and other countries. In addition to working with Verizon on the data breach investigation, the company is also working with the U.S. Secret Service.