International beauty-supply retailer Sally Beauty Supply said an investigation of a hacking attempt has revealed less than 25,000 records with payment card data was accessed.
Customer name, credit or debit card number, and the card’s expiration date and security code were affected by the breach, Sally Beauty released. Other than card numbers, “We do not believe that sensitive information such as social security numbers or dates of birth, was compromised as part of this issue,” said Denton, Texas-based Sally Beauty Holdings, in a statement.
“As experience has shown in prior data-security incidents at other companies, it is difficult to ascertain with certainty the scope of a data security breach/incident prior to the completion of a comprehensive forensic investigation,” the retailer added. “As a result, we will not speculate as to the scope or nature of the data security incident.”
On March 5 Sally Beauty said it detected a data breach and enlisted the help of forensics firm Verizon. At the time the retailer said there was “no reason to believe there has been any loss of credit card or consumer data.”
Sally Beauty said it continues to work with Verizon as well as the US Secret Service.
The retailer will continue to post updates about the investigation. “We will be providing appropriate notifications to affected consumers and others, as necessary, as the facts develop and we learn more,” Sally Beauty said.
On the same day Sally Beauty went public with the possibility of a data breach, Brian Krebs of Krebs on Security reported a fresh batch of 282,000 stolen credit and debit cards went on sale on a popular underground crime store and three banks made targeted buybacks of the cards. Each bank determined all of the purchased cards were used within the last 10 days at Sally Beauty Supply.
Sally Beauty said it is conducting a review of all payment-card information systems while removing all malware, reviewing intrusion-detection systems and firewalls, reinforcing security tools and modifying software and security credentials.