This morning, the Sally Beauty company admitted for the second time in 14 months that hackers had managed to breach their security and steal the payment-card information of customers who used their cards at Sally Beauty Supply stores.
Security expert Brian Krebs, who initially broke word of the first Sally Beauty hacking in March 2014, said today that over the past week, multiple unnamed financial institutions noted a pattern of fraudulent charges sharing one thing in common: all cardholders complaining of false charges on their accounts had previously used their cards to pay for something at a Sally Beauty store. Krebs asked Sally Beauty about these claims yesterday, and this morning, Sally Beauty issued a statement saying, in part, that:
Sally Beauty Holdings, Inc. is currently investigating reports of unusual activity involving payment cards used at some of our U.S. Sally Beauty stores. Since learning of these reports, we have been working with law enforcement and our credit card processor and have launched a comprehensive investigation with the help of a leading third-party forensics expert to aggressively gather facts while working to ensure our customers are protected. Until this investigation is completed, it is difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers.
What to do
The statement went on to say that “we encourage any customer who is concerned about the security of their payment cards to call our Customer Service Hotline at 1-866-234-9442, so that we can assist them in addressing any potential concerns. Sally Beauty will, as appropriate, provide updates as we learn more from our investigation.”
Thus far, Sally Beauty has not indicated the time frames involved: when did this pattern of “unusual activity” start? Last year, when Sally Beauty announced its first breach discovery, it was also able to offer an exact date (about three weeks before the announcement), which in turn made it easy for then-recent Sally Beauty customers to know whether or not they personally needed to worry.
The equivalent information is not yet available regarding this second Sally Beauty breach. But if you've recently used your credit or debit card to buy something at a Sally Beauty Supply store, you should check your recent account activity for fraudulent charges, and contact your card issuer at once if you find any.