It also said that it’s offering one free year of credit monitoring and identity-theft protection for those customers who may have been affected by the incident.
“Our customers remain our top priority,” said Gary Winterhalter, chairman, president and CEO, in a statement. He added, “As we have said previously, we will not speculate on the scope of our recent data security incident until the forensic review progresses because experience with such incidents at other retailers has taught that it is difficult to ascertain the extent of a data breach incident until the required forensic review is complete.”
The Texas-based company has been conducting an ongoing investigation ever since the news broke of the data breach, the latest in a string of retail compromises that include name-brand victims like Target and Neiman Marcus. It has engaged the Verizon forensics team to get to the bottom of the compromise, and is working with the US Secret Service on a preliminary investigation.
The information that may have been lifted includes card-present (Track 2) payment card data, which is the information used by ATMs and point-of-sale software to authorize purchases, and it usually includes encrypted PINs. The other information includes customers’ names, credit and debit card numbers, and the CVV code on the back of the card. Social security numbers or dates of birth were likely not breached, the company has previously said.
While the company itself is not speculating on the scope of the breach, the potential is large: Sally Beauty maintains some 2,600 stores, and the company has stores in every US state. Security researcher Brian Krebs said last month that more than a quarter-million records could have been compromised.
“On March 2, a fresh batch of 282,000 stolen credit and debit cards went on sale in a popular underground crime store,” he said. “Three different banks contacted by KrebsOnSecurity made targeted purchases from this store, buying back cards they had previously issued to customers.”
It remains to be seen how deep the beauty mark runs, so to speak, but the company has pledged to keep the public abreast of developments.
“We will continue to provide updates regarding the status of the investigation and the steps we will be taking to assist any customers who may have been affected by the incident through our website, sallybeautyholdings.com,” Winterhalter said. “We will provide appropriate notifications to customers who may have been affected by the incident and others as the facts develop and we learn more.”