Sally Beauty Confirms Breach In Payment Card System

Sally Beauty revealed Thursday that its payment card system was breached for a second time in a little more than a year.

Sally Beauty

The beauty products retailer confirmed the illegal intrusion into its payment card systems at some of its U.S. stores.

Second data breach at Sally Beauty

As reported by ValueWalk, in March, Sally Beauty said it was investigating another potential data breach and launched an investigation following reports of unusual activity involving payment cards at some of its beauty stores in the U.S.

The retailer said in March that it was working with law enforcement and credit card processors regarding a second potential data breach at its stores. The retailer indicated that it’s conducting a comprehensive investigation with the help of third-party forensic experts to obtain facts while protecting customers.

In March of last year, the Denton, Tex.-based retailer also said it was investigating unusual payment card activity and initiating steps to provide support for any customers who may have been affected by the incident. Following the initial discovery, the retailer engaged Verizon to investigate the security breach. The retailer indicated that its ongoing investigations revealed that fewer than 25,000 records containing card-present (track 2) payment card data were illegally accessed on its systems.

Following the retailer’s revelation of the data breach in March, its shares have dropped almost 5% in the past month.

String of high-profile data breaches

Following its revelation last month, Sally Beauty Holdings confirmed Thursday that its ongoing investigation revealed unusual payment card activity. However, the retailer said it was working with affected customers and that those who reported suspicious activity promptly would not be responsible for fraudulent charges to their accounts. The beauty products retailer also said it now had “sufficient evidence” of illegal activity, though it couldn’t provide details as the investigation was ongoing.

In its filing with the Securities and Exchange Commission, the retailer clarified that under payment card brand rules, customers will not be responsible for fraudulent charges to their accounts that are promptly reported. The retailer suggested that its customers monitor their payment card statements and report any suspicious transactions to their financial institutions. Chris Brickman, CEO of Sally, said Thursday a forensic investigation into the breach is underway.

As reported by ValueWalk, there have been data breaches at multiple retailers over the past few years. The hackers have stolen customer data from Niemen Marcus, White Lodging, SUPERVALU, Easton-Bell Sports, Harbor Freight Tools, Michael’s, United Parcel Service, Goodwill and P.F. Chang’s China Bistro.

Some of the largest known security breaches have been at Target and Home Depot. In September, Home Depot indicated it could have been a victim of a massive credit card breach that could exceed 40 million credit and debit cards.