Sally Beauty Probing Second Possible Data Breach

U.S. cosmetics retailer Sally Beauty Holdings is investigating what could be a second data breach in just over a year. The company has received reports of unusual activity involving payment cards customers used at some of its Sally Beauty Stores.

EUSince learning of these reports, we have been working with law enforcement and our credit card processor and have launched a comprehensive investigation with the help of a leading third-party forensics expert to aggressively gather facts while working to ensure our customers are protected,EU the company said in a statement. EUUntil this investigation is completed, it is difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers.EU

In March 2014, Sally Beauty reported hackers stole sensitive information about thousands of is customers. That data included payment card numbers and security codes. In 2013 and 2014, a slew of retailers got hit with data breaches, including Home Depot, Target, MichaelEUs and Neiman Marcus.

The Case for P2PE Encryption

We caught up with Ken Westin, senior security analyst at advanced persistent threat detection firm Tripwire, to get his thoughts on what appears to be a second Sally breach. He told us the fact we continue to see retail breaches even after some of the mega breaches over the past year indicates two things.

First, attackers are adapting their methods and the sophistication of their tools, he said. Second, many retailers still havenEUt invested in detection or adapted defenses to detect these very real threats.

WestinEUs solution: The retail industry needs to move to point-to-point encryption (P2PE). The problem is that this can come at a heavy cost because it often requires an overhaul of existing payment systems so this is not something that will happen...

Comments are closed.