Sally Beauty Confirms Its Second Data Breach In Just Over A Year

An ongoing investigation into unusual payment card activity at Sally Beauty stores confirmed that “an illegal intrusion has occurred,” the company confirmed in a statement released yesterday (May 14).

As of yet, the company said, there’s no update on the scope of the breach. Earlier this month, Sally Beauty began investigating card activity at some of its U.S. locations.

“We are working diligently to address the issue and to care for any customers who may have been affected by the incident,” President and CEO Chris Brickman said in a company release. Customers will not be held liable for fraudulent charges as long as they are promptly reported, the release stated.

The latest data hack echoes a security breach that bedeviled Sally Beauty in March 2014, when debit and credit card accounts of thousands of customers were compromised.  Specifically, KrebsOnSecurity reported that 260,000 credit cards were impacted in the 2014 breach. Afterwards, the company reached out to those affected by the breach and offered a free year of credit monitoring and identity theft protection.

Retailers have been among the higher profile targets of hackers in recent months and years, and marquee names have dominated the headlines. In 2013, Target found itself as the victim of a massive data breach that led to information gleaned from as many as 40 million accounts – and just last month the company announced it would settle with affected customers for $10 million. Under the terms of that pact, Target would reimburse individuals up to $10,000 each for their losses, and also provide security training to employees.

And, in a recent nod to the fact that debit cards may indeed be a gateway to fraudsters, JPMorgan Chase said that it will replace all of its customers’ debit cards with more secure chip-based cards nationwide. The firm said chips will be on as many as 70 percent of its debit cards by the end of this year.


New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.

Click to comment