14 DAY TRIAL // Sally Beauty, the retailer that has recently suffered a data breach in which payment card information was compromised, revealed last week that the incident was more serious than it had initially reported.
The breach came to light at the beginning of March. On March 17, the company published a statement claiming that fewer than 25,000 payment cards had been impacted by the cybercriminal attack.
The investigation is still ongoing, but the company says that the attackers might have obtained more than just 25,000 payment card track 2 records when they accessed its networks.
While the breach is being investigated, the company has decided to offer impacted customers one free year of credit monitoring and identity theft protection services.
“Our customers remain our top priority,” Gary Winterhalter, the company’s chairman, president and CEO, noted. “Instructions for this service can be found through our website, sallybeautyholdings.com.”
Sally Beauty promises to provide more information as it becomes available. However, for the time being, the retailer doesn’t want to speculate on the scope of the breach.
It has revealed however that “a larger number of additional records containing payment card data may have been illegally accessed and removed from our systems.”
“As we have said previously, we will not speculate on the scope of our recent data security incident until the forensic review progresses because experience with such incidents at other retailers has taught that it is difficult to ascertain the extent of a data breach incident until the required forensic review is complete,” the company wrote in a statement.
The statement came shortly after security expert Brian Krebs published a report in which he presented evidence that all of the more than 2,600 Sally Beauty locations across the United States were impacted.
Krebs determined this after analyzing the ZIP code indexes on Rescator, the cybercrime website that sells the payment card data stolen from Sally Beauty.
“I was able to conduct the same analysis with the new batch of cards on Rescator’s site that initially tipped me off to the Sally Beauty breach. The result? There are nearly the exact same number of U.S. ZIP codes represented in the batch of cards for sale on Rescator’s shop as there are unique U.S. ZIP codes of Sally Beauty stores (~2,600),” Krebs noted.
In the initial scenario, in which only 25,000 cards were impacted, if all stores were affected, it meant that the hackers managed to intercept only 10 transactions from each store, which is an unlikely scenario.
On the other hand, a batch of 282,000 cards has been published on Rescator under the name Desert Strike. This could be the actual number of cards that have been compromised, but it’s difficult to say for sure until Sally Beauty completes its investigation.