Sally Beauty Investigating New Breach

By Brianna Ahearn, contributing writer

Sally Beauty Holdings has suffered a new security breach for cards used at their U.S. Sally Beauty stores, the retailer confirmed via a statement on May 4, 2015. Investigation into the breach is currently underway and Sally Beauty will update their customers with any issues or further concerns that may arise. The breach was described as “unusual activity involving payment cards” in the statement. Sally Beauty is currently working with law enforcement and their credit card processor, as well as a third-party forensics expert, to determine the depth of the breach and gather facts.

“Until this investigation is completed, it is difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers,” Sally Beauty's statement reads.

Sally Beauty Holdings hasn't released a list of the affected stores, but the company operates a store in every state, with more than 4,900 stores total worldwide. The company advices customers who are concerned about their payment card security to call the Customer Service Hotline at 1-866-234-9942 or visit sallybeautyholdings.com. As the investigation continues, the retailer will update their customers. The Sally Beauty Holdings Inc website also contains a Questions and Answers page. On that page, the retailer states that the breach was first indicated on April 27.

In March 2014, hackers infiltrated the payment system of Sally Beauty stores, and seized more than 25,000 customer records. The initial reports for the first breach had the affected customer number as less than 25,000, however, investigation revealed it was more than initially thought. To date, Sally Beauty hasn't announced how many customers may have been affected by the new breach. The retailer also said that it won't speculate on whether the new breach is related to the previous breach, as the scope of the investigation hasn't been completed. Customers won't be liable for any charges incurred if their card was stolen, and the retailer urges customers to watch their banking information carefully for any new charges or transactions.

Events like the Sally Beauty breach highlight the growing shift of a more secure credit card processing technology and in October 2015, all U.S. restaurants and merchants will be required to be compliant with EMV (Europay, Mastercard, Visa) standards, for PIN-based, chip-enabled credit and debit cards. The shift focuses on enhancing security and moving away from the magnetic-stripe cards. Retailers will be liable for any activity if credit card data is stolen and used by thieves. The EMV cards have chips with the embedded customer information, rather than keeping it in the stripe of the card. The cards will make it harder for thieves to steal the data. The United States has been slow to implement the technology according to experts but come October, it's now required to have a chip and PIN reader in place for any business merchant or restaurant.