
Sally Beauty Data Breach Larger than Originally Thought

01 April 2014

The Sally Beauty data breach is likely larger than the 25,000 records the cosmetic supply company originally thought had been compromised. It has issued a statement noting that the unauthorized intrusion into its network it detected on March 5 may have affected a larger number of additional records containing payment card data.

It also said that it’s offering one free year of credit monitoring and identity-theft protection for those customers who may have been affected by the incident.

“Our customers remain our top priority,” said Gary Winterhalter, chairman, president and CEO, in a statement. He added, “As we have said previously, we will not speculate on the scope of our recent data security incident until the forensic review progresses because experience with such incidents at other retailers has taught that it is difficult to ascertain the extent of a data breach incident until the required forensic review is complete.”

The Texas-based company has been conducting an ongoing investigation ever since the news broke of the data breach, the latest in a string of retail compromises that include name-brand victims like Target and Neiman Marcus. It has engaged the Verizon forensics team to get to the bottom of the compromise, and is working with the US Secret Service on a preliminary investigation.

The information that may have been lifted includes card-present (Track 2) payment card data, which is the information used by ATMs and point-of-sale software to authorize purchases, and it usually includes encrypted PINs. The other information includes customers’ names, credit and debit card numbers, and the CVV code on the back of the card. Social Security numbers or dates of birth were likely not breached, the company has previously said.

While the company itself is not speculating on the scope of the breach, the potential is large: Sally Beauty maintains some 2,600 stores, and the company has stores in every US state. Security researcher Brian Krebs said last month that more than a quarter-million records could have been compromised.

“On March 2, a fresh batch of 282,000 stolen credit and debit cards went on sale in a popular underground crime store,” he said. “Three different banks contacted by KrebsOnSecurity made targeted purchases from this store, buying back cards they had previously issued to customers.”

It remains to be seen how deep the beauty mark runs, so to speak, but the company has pledged to keep the public abreast of developments.

“We will continue to provide updates regarding the status of the investigation and the steps we will be taking to assist any customers who may have been affected by the incident through our website,” Winterhalter said. “We will provide appropriate notifications to customers who may have been affected by the incident and others as the facts develop and we learn more.”
