ALERT! Sally Beauty Breached Again ALERT!

Published On May 5, 2015 | By Tom Huskerson | Alerts, News and Analysis

The African American Cyber Report reported in March of 2014 on a data breach at Sally Beauty Supply stores. So here we go again!

One year later, Sally Beauty Supply is again revealing that a network intrusion exposed customer payment card data, and it is now investigating fresh breach reports. Sally Beauty has over 4,800 U.S. stores and reported 2014 revenue of $3.6 billion.

Sally Beauty first began to receive warnings of a possible breach during the week of April 27th. In a May 4th announcement, store executives admitted to investigating “unusual” card activity linked to payment cards used at some of its U.S. stores.

“Since learning of these reports, we have been working with law enforcement and our credit card processor and have launched a comprehensive investigation with the help of a leading third-party forensics expert to aggressively gather facts, while working to ensure our customers are protected. Until this investigation is completed, it is difficult to determine with certainty the scope or nature of any potential incident; but we will continue to work vigilantly to address any potential issues that may affect our customers.”

The beauty supplier vowed to provide additional updates “in the coming days” via its website and directly to affected customers. “We will be providing notifications to any affected consumers and others, as appropriate, as the facts develop and we learn more.” The chain also requested that any customer who discovers fraudulent activity that they believe relates to Sally Beauty should contact its customer service hotline after alerting their card issuer or bank.

Cyber security experts point out the suspicious timing of the second data breach. George Rice, senior director of payments for data-encryption firm HP Security Voltage, pointed out, “Sally Beauty experienced two breaches within a short period of time. It is entirely possible that Sally Beauty never fully eradicated the malware on their POS from the first time.”

John Buzzard, head of card-alert service at analytics software company FICO, agrees, stating, “We are all really perplexed when we see breaches that appear to the naked eye to be a repeat situation.” Buzzard continues, “As Sally’s story line evolves, we may learn that the level of customization in the malware that allegedly affected them in 2014 was so complex that it was able to evade a stringent mitigation process. I can’t ascertain if lightning did, indeed, strike twice here; so it’s just a waiting game to see how this can be explained.”

A Sally Beauty spokesman told the Information Security Media Group that “it would be premature to speculate” about whether the 2014 and 2015 breach reports might be linked, and declined to detail which digital forensics investigation firm it brought in to investigate the latest breach reports. The 2014 breach was investigated by Verizon.

The question most customers have is: why did this happen again? In the company’s 2014 annual report, released in November, Sally executives noted the company had a number of information security defenses in place. “We have physical, technical and procedural safeguards in place that are designed to protect information and protect against security and data breaches as well as fraudulent transactions and other activities,” it said. “Despite these safeguards and our other security processes and protections, we have been a victim of cyber-attacks and data security breaches, including a breach that resulted in the unauthorized installation of malware on our information technology systems that may have illegally accessed and removed a portion of payment card data for certain transactions.”

Tripwire senior security analyst Ken Westin says there are steps all retailers need to take, not just ones that have suffered a point-of-sale malware attack. These steps will allow retailers to safeguard themselves against online attacks, as well as to rapidly detect unfolding breaches. Those include keeping a close eye on all data regulated by the Payment Card Industry Data Security Standard. “Both the intrusion and the malware components can be better detected by taking a layered security approach, monitoring endpoints and the network itself closely for anomalies and indicators of compromise specific to retail breaches,” he says. “These include configuration changes, unauthorized processes and credit card data appearing on the file systems, RAM or anywhere outside the PCI environment.”

 
