Sally Beauty Holdings, Inc. has confirmed an illegal intrusion via malware on some of its point of sale systems, which took place between March 6 and April 7. Due to the data breach, the company stated that payment card information of customers that used cards in the affected store locations may have been put at risk.
Yesterday, Sally Beauty updated its customers about the support it is providing to those that have been affected by the breach. The company reassured customers that it does not collect or store PIN data and therefore, Sally Beauty said it has no reason to believe, and has received no information to suggest, that debit card PINs may have been impacted. The company said it has eliminated the malware from all Sally Beauty POS systems.
“We regret any inconvenience this incident may have caused our customers, and we want to reassure them that protecting our customers is our priority,” said Chris Brickman, president and CEO, Sally Beauty Holdings, Inc.
As the company cannot pinpoint which cards were affected, the company stated that it is providing free credit monitoring services to customers that used their payment card at U.S. Sally Beauty stores during the data breach time period.
Sally Beauty explained that it had began an investigation into a possible security incident shortly after it received reports in late April of unusual activity involving payment cards used at some of its stores in the U.S. Since then, Sally Beauty stated that it has been working with law enforcement and leading third-party forensics experts to ensure that its customers are protected.