Late last week, Sally Beauty Holdings, Inc. (Sally) confirmed that it has suffered a second data breach in the last year. On March 14, 2014, KrebsOnSecurity reported that credit cards stolen from Sally had gone up for sale on an Internet site. Reportedly a data breach occurred when intruders gained access through a Citrix remote access portal for employees to log into the Sally system while working remotely. Sally later confirmed that approximately 25,000 records had been accessed and removed from its system by the hackers, impacting all of its stores.
Sally confirmed on May 28th that hackers have accessed its customers’ debit and credit card information through its point of sale systems. The intruders were able to install malware, which was active from March 6th to April 17th. Sally stated it has removed the malware and is offering credit monitoring for its customers.