Sally Beauty Announces Fresh Updates about Security Breach

Securityweek.com reported on 29th May, 2015 stating that professional retailer of beauty supplies Sally Beauty (Texas, US) has provided an update about its investigation in the recent breach of its card payment systems.

Sally Beauty recently released an official statement revealing that cybercriminals had installed malware on some point-of-sale (PoS) systems of the company at different times between 6th March and 17th April, 2015. The retailer confirms that it has removed the malware from all its PoS systems.

The attackers might have gained access to names, credit or debit card numbers, expiry dates, verification values of cardholder and service codes. Sally Beauty has observed that the cardholder verification value (CVV) is referring to is not the value of 3-4 digits which is printed on the card.

Bankinfosecurity.com published a report on 29th May, 2015 quoting Chris Brickman, CEO and President of Sally Beauty as saying "We regret any inconvenience caused to our customers due to this incident and we would like to reassure them that safety of our customers is our top priority. We are offering credit monitoring services to any customer who used their payment card at a U.S. Sally Beauty store between 6th March and 17th April, 2015 because we cannot point out exactly which cards might have been affected during our reported range of dates." More information is available through the website of Sally Beauty which also details email and telephone contact points.

However, the company did not specify the number of stores in U.S. whose POS systems might have been infected with this malware or the number of customers or payment accounts that might have been affected.

As investigation is going on, Sally Beauty could not say if this breach is related to a similar incident in 2014 in which the company announced that around 25,000 records consisting data of payment card were illegally accessed by invaders and might have been removed.

Conclusively and unfortunately incidents like the above ones have caused renewed calls for merchants to upgrade their checkout terminals to accept cards which are implanted with computer chips which are more difficult for thieves to imitate.

» SPAMfighter News - 6/9/2015