Cyber Incident Victim: Sally Beauty Holdings
Date:
May 2015
Location:
United States of America
Summary
Sally Beauty Holdings investigated reports of unusual payment card activity at certain U.S. stores, collaborating with law enforcement, its credit card processor, and a third-party forensics firm to determine the scope. The company acknowledged potential compromise of customer payment card data but emphasized the investigation remained ongoing to confirm the nature and extent of the incident. Customers were encouraged to contact a dedicated service hotline for assistance, with updates promised as findings emerged. The incident mirrored prior security challenges faced by the retailer, underscoring ongoing risks to payment systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In May 2015, Sally Beauty Holdings, Inc. announced it was investigating reports of unusual activity involving payment cards used at an unspecified number of its U.S. Sally Beauty retail stores. The company initiated this investigation after learning of the suspicious transactions, though the exact timeline of initial detection was not disclosed. Sally Beauty engaged law enforcement authorities and its credit card processor while launching a comprehensive internal investigation assisted by an unnamed third-party forensics firm. At the time of their May 4 public statement, the investigation remained ongoing, making definitive conclusions about the incident's scope, nature, or root cause impossible. The company acknowledged potential compromise of customer payment card data but provided no specifics regarding the number of affected stores, timeframes of exposure, or exact data types involved. Customer notification efforts included establishing a dedicated service hotline (1-866-234-9442) and directing consumers to check sallybeautyholdings.com for updates, though no breach confirmation or detailed advisories were published during the initial disclosure phase.
As a $3.8 billion specialty retailer operating approximately 4,900 stores across 15 countries, the incident exclusively impacted U.S. Sally Beauty Supply locations, with no indication of compromise at international stores or its Beauty Systems Group/CosmoProf business units. The company emphasized customer security as a priority under its "Love It or Return It" policy framework but did not implement transactional monitoring services or credit protection offers at the disclosure stage. Operational impacts included diverted resources to forensic analysis and coordination with payment networks, though business continuity measures maintained normal store operations. Legal and regulatory considerations were acknowledged through standardized forward-looking statements cautioning about potential financial liabilities, reputational damage, and investigation costs stemming from the incident. Sally Beauty committed to providing further updates contingent on investigative findings but did not specify a timeline for subsequent disclosures.