Just over a year after its first breach impacted 25,000 customer records, Sally Beauty Holdings has suffered another data breach.
On Thursday, the Texas-based retailer announced that it had enough evidence to suggest that it had suffered a second data breach, confirming Brian Kreb's initial report that fraudulent credit card transactions had been linked to Sally Beauty customer credit cards for a second time. The investigation is still ongoing, and Sally Beauty does not yet know how many customers of its 4,900 stores worldwide were affected.
“We believe it is in the best interests of our customers to alert them that we now have sufficient evidence to confirm that an illegal intrusion into our payment card systems has indeed occurred," said Sally Beauty CEO Chris Brickman in a statement. This confirmation comes 10 days after Sally Beauty launched an investigation into the fraud reports.
Sally Beauty Holdings assured customers that they would not be responsible for any fraudulent charges on their accounts and encouraged them to monitor their credit reports carefully to report suspicious transactions.
The discovery of Sally Beauty's first breach followed a similar pattern to this breach. In early March 2014, Krebs broke the news about Sally Beauty's first breach, after receiving tips from tips from financial sources about credit card fraud patterns matching to Sally Beauty. The evidence suggested that the same cyber criminals responsible for the
While 2013--and then 2014--were each dubbed the year of the data breach, breaches have continued to be an issue for retailers in 2015. On May 1, Hard Rock Hotel and Casino announced that it had suffered a data breach, which had lasted seven months before being discovered. On March 17, Premera Blue Cross announced that financial and medical information belonging to 11 million customers may have been compromised in a breach. In the biggest breach yet this year,