Nationwide cosmetics and beauty retailer Sally Beauty confirmed that hackers had broken into its networks and stolen credit card data from stores.Sally Beauty Holdings (SBH) said Monday that credit card data from up to 25,000 customer accounts was compromised and may have been stolen in a breach of its systems.
The company said, information stolen included payment card numbers and the three-digit security codes, known as CVV numbers.
Customers will be notified if their information was stolen, said Sally Beauty, which is advising shoppers to check their bank statements for suspicious transactions. The company did not provide details on the nature of the breach, including whether it affected only shoppers who came into a store or also those who shopped online.
Sally Beauty Holdings, Inc. (NYSE: SBH) is an international specialty retailer and distributor of professional beauty supplies with revenues of $3.6 billion annually.
Through the Sally Beauty Supply and Beauty Systems Group businesses, the Company sells and distributes through 4,700 stores, including approximately 200 franchised units, throughout the United States, the United Kingdom, Belgium, Chile, France, the Netherlands, Canada, Puerto Rico, Mexico, Ireland, Spain and Germany.
According to krebsonsecurity that Sally Beauty probably had been attacked by the same hackers who stole more than 100 million customers’ data from Target.
Sally Beauty declined to speculate whether data from its online stores was compromised, but stressed that so far the breach is known to involve “card present” data specifically the data stored on the magnetic strip on the backs of cards.
Thieves prize this data because it allows them to create counterfeit cards and use them to go shopping in big box stores for high-priced merchandise, gift cards and other items that can be resold quickly for cash.
In a fascinating and timely development, the main fraud shop that has been selling cards stolen in the Sally Beauty breach rescator so was recently hacked, its entire database of customer's usernames and passwords dumped online. Then, sometime on Sunday, the site’s homepage was defaced, with a message to this author and to the proprietors of the fraud shop.
No comments:
Post a Comment