Sally Beauty updates breach at POS

Denton, Texas - Sally Beauty Holdings Inc. is releasing new information about a data breach that occurred at varying times between March and April 17, 2015, its second in less than a year. Criminals are believed to have used malware deployed on some Sally Beauty POS systems, which may have put payment card information of customers at risk.



Sally Beauty says all malware has been eliminated. As previously announced, Sally Beauty began an investigation into a possible security incident shortly after it received reports in late April of unusual activity involving payment cards used at some of its U.S. Sally Beauty stores. Since then, the company has been working with law enforcement and third-party forensics experts.



Sally Beauty does not collect or store PIN data, so the company does not believe, and has received no information to suggest, that debit card PINs may have been impacted Customers will not be responsible for any fraudulent charges.



“We regret any inconvenience this incident may have caused our customers, and we want to reassure them that protecting our customers is our priority,” said Chris Brickman, president and CEO. “Because we cannot pinpoint exactly which cards might have been affected during our reported date range, we are offering credit monitoring services to any customer who used their payment card at a U.S. Sally Beauty store between March 6t and April 17, 2015.”



Sally Beauty reported a security breach that may have exposed fewer than 25,000 customer credit card numbers in 2014; this breach is a separate incident.