Sally Beauty Data Breach Larger than Originally Thought

01 April 2014

The Sally Beauty data breach is likely larger than the 25,000 records the cosmetic supply company originally thought had been compromised. The company has issued a statement noting that the unauthorized intrusion into its network, which it detected on March 5, may have affected a larger number of records containing payment card data.

It also said that it’s offering one free year of credit monitoring and identity-theft protection for those customers who may have been affected by the incident.

“Our customers remain our top priority,” said Gary Winterhalter, chairman, president and CEO, in a statement. He added, “As we have said previously, we will not speculate on the scope of our recent data security incident until the forensic review progresses because experience with such incidents at other retailers has taught that it is difficult to ascertain the extent of a data breach incident until the required forensic review is complete.”

The Texas-based company has been conducting an ongoing investigation ever since the news broke of the data breach, the latest in a string of retail compromises that include name-brand victims like Target and Neiman Marcus. It has engaged the Verizon forensics team to get to the bottom of the compromise, and is working with the US Secret Service on a preliminary investigation.

The information that may have been lifted includes card-present (Track 2) payment card data, which is the information used by ATMs and point-of-sale software to authorize purchases, and it usually includes encrypted PINs. The other information includes customers’ names, credit and debit card numbers, and the CVV code on the back of the card. Social security numbers or dates of birth were likely not breached, the company has previously said.

While the company itself is not speculating on the scope of the breach, the potential is large: Sally Beauty maintains some 2,600 stores, and the company has stores in every US state. Security researcher Brian Krebs said last month that more than a quarter-million records could have been compromised.

“On March 2, a fresh batch of 282,000 stolen credit and debit cards went on sale in a popular underground crime store,” he said. “Three different banks contacted by KrebsOnSecurity made targeted purchases from this store, buying back cards they had previously issued to customers.”

It remains to be seen how deep the beauty mark runs, so to speak, but the company has pledged to keep the public abreast of developments.

“We will continue to provide updates regarding the status of the investigation and the steps we will be taking to assist any customers who may have been affected by the incident through our website,” Winterhalter said. “We will provide appropriate notifications to customers who may have been affected by the incident and others as the facts develop and we learn more.”
