Sally Beauty Latest Breach Victim?

Mar. 6, 2014

Shortly after the breaches that struck Target, Neiman Marcus and Michaels, the FBI circulated a report estimating that up to 20 more retailers could be experiencing undiscovered or undisclosed breaches. Since then there has been a scramble to find out which merchant might be next. Yesterday, security blogger Brian Krebs, who was first to report on the big December breaches, said the most recent victim is Sally Beauty.

Sources at several issuing banks examined a number of their own cards that they were able to obtain from a site selling stolen card information, and determined that the purchases those cards had in common were made at Sally Beauty. Krebs reported that his sources confirmed the cards were used by the legitimate cardholders at the Texas-based beauty-products retailer in the last 10 days. The company said its investigation pinpointed an intrusion, but could not ascertain what, if any, information had been compromised.

“Recently, our systems detected an attempted intrusion into our Sally Beauty Supply LLC network, and we believe we promptly mitigated potential issues arising from this intrusion,” the company said in a statement yesterday. “As a result of our ongoing investigation, which included assistance from a top-tier security firm, we have no reason to believe there has been any loss of credit card or consumer data. We will continue to investigate and actively monitor this situation.”

Backtracking to find a “common point of purchase” is an investigative technique that has been very effective in pinpointing where security breaches originated, though it may be flawed in the aftermath of large breaches like those at Target and Neiman Marcus. Recent indications of a breach at Sears may have been wrongly flagged for this reason.
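A sketch of the common-point-of-purchase analysis described above, added here as an illustration and not taken from the article or from any bank's tooling. It assumes the flaw mentioned is that cards already exposed in an earlier large breach are mixed into the sample; all merchant names and card ids are constructed.

```python
from collections import Counter

def cpp_candidates(histories, compromised, known_exposed=(), min_coverage=0.8):
    """Rank merchants as common-point-of-purchase candidates.

    histories:     {card_id: set of merchants used in the look-back window}
    compromised:   card ids found for sale
    known_exposed: card ids already attributed to an earlier breach (excluded)
    Returns [(merchant, coverage, lift)], highest lift first. coverage is the
    share of suspect cards used at the merchant; lift divides that by the
    merchant's (smoothed) share among cards never seen for sale.
    """
    suspect = set(compromised) - set(known_exposed)
    clean = set(histories) - set(compromised)
    if not suspect:
        return []
    hits = Counter(m for c in suspect for m in histories.get(c, ()))
    base = Counter(m for c in clean for m in histories[c])
    rows = []
    for merchant, n in hits.items():
        coverage = n / len(suspect)
        if coverage >= min_coverage:
            base_rate = (base[merchant] + 1) / (len(clean) + 1)  # add-one smoothing
            rows.append((merchant, coverage, coverage / base_rate))
    return sorted(rows, key=lambda r: r[2], reverse=True)

# Constructed sample data: merchant names and card ids are invented.
HISTORIES = {
    "c1": {"BeautyC", "Grocer"}, "c2": {"BeautyC", "DeptStoreB"},
    "c3": {"BeautyC", "DeptStoreB"}, "c4": {"BeautyC", "Grocer"},
    "p1": {"BigBoxA", "DeptStoreB"}, "p2": {"BigBoxA", "DeptStoreB"},
    "p3": {"BigBoxA", "DeptStoreB", "Grocer"}, "p4": {"BigBoxA", "DeptStoreB"},
    "n1": {"Grocer", "DeptStoreB"}, "n2": {"Grocer", "BigBoxA"},
    "n3": {"DeptStoreB"}, "n4": {"Grocer"},
}
FOR_SALE = ["c1", "c2", "c3", "c4", "p1", "p2", "p3", "p4"]
PRIOR_BREACH = ["p1", "p2", "p3", "p4"]  # already tied to the earlier BigBoxA breach

def naive_top(histories, compromised):
    """Coverage-only pick: the merchant most of the for-sale cards share."""
    rows = cpp_candidates(histories, compromised, min_coverage=0.0)
    return max(rows, key=lambda r: r[1])[0]

if __name__ == "__main__":
    print("coverage only:", naive_top(HISTORIES, FOR_SALE))
    print("prior breach excluded:", cpp_candidates(HISTORIES, FOR_SALE, PRIOR_BREACH))
```

In this sample the coverage-only pick lands on a popular merchant that was never breached, while excluding the previously exposed cards and weighting by lift isolates the merchant the new cards actually share.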

Brian Krebs, who has consistently been the first journalist to identify the sources of the recent wave of security breaches and explain how and why they are happening, will be appearing at the 2014 CNP Expo in Orlando this May. If you would like to hear from him on the current state of network security and how it can affect your business, visit the CNP Expo website to register and learn more.