US-based cosmetics and beauty retailer ‘Sally Beauty
Holdings Inc.’ confirmed a possible data breach for the second time in a year,
as it investigates reports of “unusual activity involving payment cards” in
some of its stores.
After the reports, the Denton-based company said in a
statement that it has been working with law enforcement and its credit card
processor to ensure that the customers are protected from a possible data
breach. It has also launched a comprehensive inquiry along with a forensic expert
to gather data about this incident.
“Until this investigation is completed, it is
difficult to determine with certainty the scope or nature of any potential
incident, but we will continue to work vigilantly to address any potential
issues that may affect our customers,” the statement reads.
The company reported its first violation of data
in March when about 25,000 customers were affected. It was found that hackers
had broken into Sally Beauty’s network and stolen at least 282,000 cards from
the retailer.
 |
| The advertisement run by thieves who stole the Sally Beauty card data. (pic courtesy- Google images) |
Three different banks contacted by KrebsOnSecurity made targeted
purchases from this store, buying back cards they had previously issued to
customers. The banks then wanted to find out whether all of the cards they
bought had been used at the same merchant over the same time period. Each bank
reported that all the cards had been used at Sally Beauty locations across the
United States.
 |
| (picture courtesy- Google images) |
Meanwhile, Edelman is aiding the beauty products chain as David Chamberlin, executive VP for Edelman
in Dallas heading its data security and privacy group, leads the SBH account.
With revenues of $3.8 Billion
annually, Sally Beauty distributes beauty products through
4,900 stores in more than a dozen countries including the United States, The
United Kingdom, Brazil, Peru, Chile, Colombia, Belgium, France and Canada.
