Sally Beauty Investigating Security Breaches

Retailer reports recent system intrusions
Posted March 6, 2014

Sally Beauty Holdings Inc. (Denton, Texas) said it is investigating a possible security breach that may have resulted in hundreds of thousands of stolen customer credit cards.

The retailer operates 3300 Sally Beauty Supply stores in the U.S.

An independent security blogger named Brian Krebs noted this week that a fresh batch of 282,000 stolen credit and debit cards had gone on sale in an underground crime store, and 15 of them were used recently at Sally Beauty.

A Sally Beauty spokesperson said its intrusion detection technology, called TripWire, had identified an intrusion into its systems. In response, Sally Beauty shut down all incoming communications to the retailer’s systems and hired a forensics team from Verizon, which has been investigating recent breaches at Target and other companies.

No fraudulent activity on customers’ credit cards has yet been detected by Verizon, company officials or forensics efforts.

“We have yet to find any evidence that customers’ credit card data has been compromised,” the spokesperson said.

The U.S. Secret Service, which has been conducting an inquiry into recent breaches at Target, Neiman Marcus and others, said it was not investigating a breach at Sally Beauty.

If the breach is confirmed, Sally Beauty will be the fourth major retailer — after Target, Neiman Marcus and Michaels — to confirm that its systems were compromised recently. A report last week from Bloomberg News identified Sears as another company that had been breached, but the company and law enforcement officials have denied reports.