Sally Beauty confirms second data breach

One of the largest U.S. beauty supply retailers confirmed that customer payment card data was compromised in the second data breach at the company in roughly one year.

Sally Beauty President Chris Brickman did not disclose the scope of the breach but said an investigation is underway.


“We believe it is in the best interests of our customers to alert them that we now have sufficient evidence to confirm that an illegal intrusion into our payment card systems has indeed occurred,” Brickman said in a statement released Thursday.

“We are working diligently to address the issue and to care for any customers who may have been affected by the incident,” he said.

The company began investigating the possibility of a breach earlier this spring after noticing “unusual” payment activity on its networks.

The first breach affected nearly all of the company’s 2,600-plus U.S. locations and was confirmed after a set of card data was released for sale on the black market.

All of the 282,000 cards had been used at Sally Beauty, though the company said that fewer than 25,000 card accounts were in fact stolen from its systems.

It is unclear how hackers went about the second breach. The first was linked to malware that infected point-of-sale systems, the same process that compromised Home Depot and Target in recent years.