eLearnSecurity Blog

Sally Beauty Security Breach – Yet Another Credit Card Attack

Yet another security breach has been reported. US cosmetics retailer Sally Beauty Holdings is investigating a possible attack on its payment systems, a year after experiencing a data breach. Last year (March 2014), the company reported that hackers had stolen sensitive information from over 280,000 payment cards and released these details on black market websites.

Stealing millions of credit card numbers has a unique goal for cybercriminals: to turn the whole loot into a “product”, where the main store is located in the Deep Web on a shadowy network of the so-called Black Market websites, IT Security Researcher Giuseppe Trotta says. These black market sites already have a circle of customers waiting to purchase this information to conduct illegal operations.

Prevent Credit Card Security Breaches

The keyword is prevention. Many times, companies do not put enough effort into protecting their systems and the data they own. It’s a mix of reinforcement and training. If you know the threats to your company, then you can batten down the hatches and implement solutions to mitigate the problem. However, if you don’t know how to identify these threats, then you won’t know how to stop them.

Photo source: Mike Mozart

Retail Companies: Be Vigilant

Every company must be vigilant, especially those that handle millions of records that are juicy targets for cybercriminals. Normally, big retail companies receive hundreds of attacks hourly. Most of those attacks are based on “old” techniques and can be mitigated easily, but if there is a Zero Day attack taking place, then only a well thought out cyber security strategy can save them from an authentic disaster.

Currently, the company is working with cyber forensic professionals and law enforcement to investigate recent suspicious activities at some of its stores. Sally Beauty has over 4,900 stores in various countries, including 2,800 in the U.S.

“Until this investigation is completed, it is difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers.” – Statement from Sally Beauty Holdings, Inc.



Giuseppe Trotta is a security researcher and instructor at eLearnSecurity. He is the main developer of the Hack.me project and is also involved in the management of the Hera lab virtualization infrastructure.

Twitter: https://twitter.com/Giutro
LinkedIn: http://it.linkedin.com/in/trottagiuseppe
