Some payment cards ‘at risk’ in Sally Beauty breach

One of the largest U.S. beauty supply retailers said some payment card information might have been compromised in a recently confirmed data breach.

Sally Beauty said Thursday that thieves used malicious software to steal data from retail point-of-sale devices between March 6 and April 17.

ADVERTISEMENT

Payment cards used during that period at Sally Beauty stores might be “at risk” as a result, though the company noted that only some systems were affected.

The announcement points to the scope of the breach, Sally Beauty’s second in roughly one year.

“We regret any inconvenience this incident may have caused our customers, and we want to reassure them that protecting our customers is our priority,” said Chris Brickman, President and CEO, in a statement late Thursday.

While the company does not believe PIN data was stolen, it is offering credit monitoring services to any customer who used a payment card at its stores between March 6 and April 17.

Sally Beauty confirmed the second data breach on May 15 and said an investigation was underway.

The company’s first breach affected nearly of its 2,600-plus U.S. locations and was discovered after card data was posted for sale on the black market.