Second Sally Beauty breach a 'wake-up call'

Denton, Texas-based specialty retailer Sally Beauty Holdings Inc. revealed on May 15, 2015, that the company had suffered its second security breach in less than two years. The publicly traded company, with approximately 4,800 stores worldwide and annual revenues of $3.8 billion, withheld details on the recent attack but confirmed it is fully cooperating with ongoing investigations.

Sally Beauty President and Chief Executive Officer Chris Brickman, who replaced the company's outgoing CEO, Gary Winterhalter, in February 2015, declined to speculate on details of the intrusion, deferring to the ongoing forensics investigation. He did, however, encourage customers to monitor payment card and bank accounts for suspicious activity.

"We are working diligently to address the issue and to care for any customers who may have been affected by the incident," he stated, while noting that payment card brand rules stipulate customers will not be responsible for fraudulent charges to their accounts if said charges are promptly reported. The company also established a dedicated toll-free hotline and email address for customers to direct concerns about the breach and its possible impact on their payment cards.

Second call to first responders

In March 2014, Sally Beauty became aware of an unauthorized intrusion into its internal processing systems, affecting approximately 25,000 customer records. Four card issuers subsequently traced fraudulent transactions to payment cards linked to the attack. Security analysts believe account details for approximately 260,000 credit and debit cards were stolen.

The company said it hired Verizon Communications Inc. to conduct an investigation and lead efforts to "remediate and mitigate the issues caused by this security incident." These efforts included offering a free year of credit monitoring and identity theft protection to consumers whose cards may have been affected.

The security community views the second breach at Sally Beauty as a wake-up call for retailers, demonstrating the need for ongoing vigilance and compliance.

"This second Sally breach illustrates how vulnerable companies continue to be, even when they should be on notice," said Michele Borovac, Vice President at HyTrust, a cloud-security company based in Mountain View, Calif. She went on to say that attackers are getting smarter and that sometimes even the best perimeter measures are not enough to "stop the kill chain."

Multipronged security benefits

Borovac and her team have seen a recurring pattern in recent breaches, in which attackers have used administrator credentials to gain access to internal security systems. "Organizations must take a fresh look at their internal security systems, processes and people, and put controls in place to protect these privileged accounts," she said.

Many security analysts consider the multipronged data security strategies that incorporate a combination of compatible technologies and services to be the best defense against cyber attacks.

Marcin Kleczynski is CEO of Malwarebytes, an anti-malware solutions provider headquartered in San Jose, Calif. In recent years Kleczynski and his colleagues have seen a marked uptick in cyber attacks across multiple industries. The majority of these attacks focus primarily on stealing financial data. "The financial industry needs to make a greater effort toward evolving our current digital payment technologies to something far more secure," he said.

Kleczynski urged consumers to demand greater security in the financial world and encouraged business owners to adopt smarter, more secure technologies.

We can enhance security and protect consumer data by "employing, or at least experimenting with, numerous security technologies like two factor authentication, chip and PIN and even dynamic card numbers," he said, adding that these technologies create additional layers of defense, which render a customer's financial information as useless if it is stolen.

An ounce of prevention

The retail and payment communities are well aware of the devastating effects of data security breaches on retailers. As of this writing, Sally Beauty's stock had been declining since the breach become public knowledge. Some financial analysts have questioned if the company has the resilience to survive the second major attack.

Dr. Mike Lloyd, Chief Technology Officer at Sunnyvale, Calif.-based cyber-analytics platform RedSeal Inc., recommended the use of automated technologies to help organizations identify security gaps before breaches occur.

"Much like a chain, a network is only as strong as its weakest links, and it's very clear now that we face persistent thieves, organized like ants, who will find whatever we leave open to take," he said.

Editorial Note:

Whether you want to upgrade your POS offerings, find a payment gateway partner, bone up on fintech regs or PCI requirements, find an upcoming trade show, read about faster payments, or discover the latest innovations in merchant acquiring, The Green Sheet is the resource for you. Since 1983, we've helped empower and connect payments professionals, starting with the merchant level salespeople who bring tailored payment acceptance and digital commerce tools, along with a host of other business services to merchants across the globe. The Green Sheet Inc. is also a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals.

Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.