This morning, the Sally Beauty company released an update about their most recent customer-data security breach.
The March 2014 breach was initially uncovered by security expert Brian Krebs, after he learned that 282,000 credit and debit card numbers stolen from Sally Beauty in the previous month were being offered for sale in an illicit online criminals' forum. And Krebs (more specifically, his unnamed sources at various card-issuing financial institutions) was also the first to suspect this second Sally Beauty breach, after various banks' fraud investigators noticed a pattern of fraudulent-charge complaints sharing one trait in common: every defrauded cardholder had recently used that card to pay for something at a Sally Beauty store.
So on May 4, Sally Beauty released a statement saying, in part, that it “is currently investigating reports of unusual activity involving payment cards used at some of our U.S. Sally Beauty stores.”
This morning, the company went a small step further when President and CEO Chris Brickman confirmed that there is “sufficient evidence to confirm that an illegal intrusion into our payment card systems has indeed occurred. However, we will not speculate on the scope of the intrusion as our forensics investigation is still underway.”
Thus far, nobody involved in the investigation – whether official Sally Beauty spokespeople, or anonymous financial-industry insiders – has offered any estimates regarding the time frame of this security breach, nor how many customers were affected. Any Sally Beauty payment-card customers concerned about their accounts can call Sally Beauty at 1-866-234-9442, or send an email to firstname.lastname@example.org .