Sally Beauty Supply said its early March data breach is worse than originally thought.
Denton, Texas-based Sally Beauty Holdings announced it had detected a possible breach on March 5 and said later an investigation revealed it was hacked but less than 25,000 records with payment card data were accessed.
“We now understand that a larger number of additional records containing payment card data may have been illegally accessed and removed from our systems,” Sally Beauty said in an updated statement.
The international beauty-supply retailer previously told Advisen it could not comment on whether it had cyber insurance.
Sally Beauty gives no additional information on its data breach other than: “The scope of the incident has not been fully determined,” and the retailer will “not speculate on the scope.”
On the same day Sally Beauty went public with the possibility of a data breach, Brian Krebs of Krebs on Security reported a fresh batch of 282,000 stolen credit and debit cards went on sale on a popular underground crime store and three banks made targeted buybacks of the cards. Each bank determined all of the purchased cards were used within the last 10 days at Sally Beauty Supply.
Sally beauty said it is offering a free year of credit monitoring and identity-theft protection to affected customers.
Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].
