Sally Beauty: No Data Lost in Attack

Retailer Acknowledges POS Network Was Hit
Sally Beauty: No Data Lost in Attack

Despite certain evidence that suggests a possible breach at Sally Beauty Supply, the retailer maintains that a recent cyber-attack against its point-of-sale network did not expose card data.

See Also: Gartner Market Guide for DFIR Retainer Services

"As a result of our ongoing investigation, which included assistance from a top-tier security firm, we have no reason to believe there has been any loss of credit card or consumer data," Sally Beauty says in a statement issued March 5. "We will continue to investigate and actively monitor this situation."

Asked to provide an update on March 6, a company spokesperson told Information Security Media Group: "Nothing's changed. There's no reason to believe there's been any compromise of customer data or credit card data."

Sally Beauty operates approximately 4,500 stores worldwide and had $3.6 billion in sales in 2013.

Four card issuers tell Information Security Media Group they've seen evidence of fraud tied to cards that were used at Sally Beauty, as well as other retailers. But they say it's too soon to definitively say whether cards were exposed in a breach of Sally Beauty's POS network because consumers use cards at so many different retailers.

Fraud expert Avivah Litan of Gartner Research says she's also hearing from card issuers that "there are indicators that card data was compromised" for cards used at Sally Beauty.

On March 2, a fresh batch of account details for 282,000 stolen credit and debit card went on sale in an underground crime store, according to security blogger Brian Krebs. Three different banks contacted by Krebs made targeted purchases from the underground store, buying back information for some cards previously issued to customers. The banks reported that those cards had been used within the last 10 days at Sally Beauty locations across the U.S.

Other Breaches

On Feb. 28, the Secret Service confirmed to Bloomberg News that it was investigating a potential attack against Sears. But in a statement to Information Security Media Group, Sears said its internal investigation had so far found no indication that its network had even been attacked, much less breached.

In late January, card issuers reported that fraudulent card activity also suggested a breach at Texas-based arts and crafts retailer Michaels. Michaels said it was investigating the claims, although no evidence of a breach had yet been detected.

The latest news about potential retailer breaches comes in the wake of breaches against Target Corp. and Neiman Marcus.

On Dec. 23, Target confirmed malware was to blame for an infection of its point-of-sale system that likely exposed details associated with 40 million debit and credit cards between Nov. 27 and Dec. 15. The breach also affected personal information on up to 70 million customers.

On Jan. 22, Neiman Marcus acknowledged that a POS breach likely compromised debit and credit transactions dating back to July 2013. Originally, Neiman Marcus estimated some 1 million cards were likely exposed; in late February, however, the retailer issued a revised estimated total of approximately 350,000 compromised accounts. (see: Neiman Marcus Downsizes Breach Estimate).

(News Writer Jeffrey Roman contributed to this story.)


About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.