Cosmetics supplies retailer Sally Beauty now says more than 25,000 records containing card data may have been illegally accessed and removed from its systems.
In a March 28 statement, the retailer does not offer a specific estimate, but says the number of potentially compromised records has grown as a result of its ongoing breach investigation. The compromised records contain card-present (track 2) payment card data, Sally Beauty says.
"As we have said previously, we will not speculate on the scope of our recent data security incident until the forensic review progresses because experience with such incidents at other retailers has taught that it is difficult to ascertain the extent of a data breach incident until the required forensic review is complete," the statement says.
The company is offering customers who may have been affected by the incident one year of credit monitoring and identity theft protection services.
Sally Beauty says it will continue to provide updates regarding the status of the investigation and the steps it will be taking to assist customers affected by the incident.
Earlier this month, the company said fewer than 25,000 records were potentially compromised following unauthorized intrusion into the company's systems (see: Sally Beauty: Card Data Was Compromised).
Initially, on March 5, the company said that, based on an investigation of the security incident, "we have no reason to believe there has been any loss of credit card or consumer data." But four card issuers told Information Security Media Group they had seen evidence of fraud tied to cards that were used at Sally Beauty, as well as other retailers (see: Sally Beauty: No Data Lost in Attack).
Now that Sally Beauty Holdings Inc. has acknowledged payment card data was exposed during a recent cyber-attack, security experts have debated whether the incident is connected to the Target Corp. and Neiman Marcus malware-related breaches (see: Sally Beauty Breach: Link to Target?).