by. Tracy Kitten

Now that Sally Beauty Holdings Inc. has acknowledged payment card data was exposed during a recent cyber-attack, security experts are debating whether the incident is connected to the Target Corp. and Neiman Marcus malware-related breaches.

On March 17, the cosmetics supplies retailer and distributor noted in a statement that details on fewer than 25,000 credit and debit accounts were illegally accessed and “may have been removed.” Track 2 data on cards was exposed, the company says. That includes the cardholder’s name, account number and encrypted PIN, as well as card value verification three-digit security codes.

“We do not believe that sensitive information, (other than card numbers) such as Social Security numbers or dates of birth, was compromised as part of this issue,” the retailer states in an updated FAQ posted to its site March 17. “In addition, Sally Beauty does not collect PIN data and, therefore, it should not be at risk.”

Sally Beauty’s Investigation

Sally Beauty on March 5 said its systems detected a possible network intrusion. An investigation was then launched. Then, after news of a possible breach broke, the company responded by saying it had no reason to believe that any payment data or consumer information had been exposed, based on its investigation into the security incident.

continue reading »