Wednesday, 13 May 2015

Sally Beauty Breach

One year after Sally Beauty Supply revealed that a network intrusion exposed payment card data for 25,000 customers' accounts, the beauty products supplier has warned that it is now investigating fresh breach reports.

In a May 4 statement, Sally Beauty says that it is investigating new, "unusual" card activity linked to payment cards used at some of its U.S. stores. Sally Beauty says it first began to receive related warnings during the week of April 27.

"Since learning of these reports, we have been working with law enforcement and our credit card processor and have launched a comprehensive investigation with the help of a leading third-party forensics expert to aggressively gather facts, while working to ensure our customers are protected," the company notes. "Until this investigation is completed, it is difficult to determine with certainty the scope or nature of any potential incident; but we will continue to work vigilantly to address any potential issues that may affect our customers."

Sally Beauty, a Denton, Texas-based retailer that reported 2014 revenue of $3.8 billion, operates more than 4,800 stores worldwide.

The beauty supplier has promised to issue additional updates "in the coming days" via its website, as well as directly to affected customers. "We will be providing notifications to any affected consumers and others, as appropriate, as the facts develop and we learn more," it says. It also asked any customer who discovers fraudulent activity they believe relates to Sally Beauty to contact its customer service hotline after first alerting their card issuer or bank.

Lightning Strikes Twice?

Numerous security experts note that the timing of the second breach report is - at the very least - curious. "Sally Beauty experienced two breaches within a short period of time. It is entirely possible that Sally Beauty never fully eradicated the malware on their POS from the first time," says George Rice, senior director of payments for data-encryption firm HP Security Voltage.

John Buzzard, who heads up the card-alert service at analytics software company FICO, also questions the timing of the latest report, and whether POS malware may have lingered. "We are all really perplexed when we see breaches that appear to the naked eye to be a repeat situation," Buzzard says. "As Sally's storyline evolves, we may learn that the level of customization in the malware that allegedly affected them in 2014 was so complex that it was able to evade a stringent mitigation process. I can't ascertain if lightning did, indeed, strike twice here; so it's just a waiting game to see how this can be explained."

Another attack possibility is that even if the POS malware was eradicated, hackers may have still maintained undiscovered backdoor access to Sally Beauty's IT infrastructure. Telecommunications and networking giant Nortel, for example, failed to fully eradicate a 2000 breach, and attackers continued to enjoy access to technical reports and corporate secrets for the next decade. Nortel ultimately declared bankruptcy and ceased operations.

Waiting for More Details

A Sally Beauty spokesman tells Information Security Media Group that "it would be premature to speculate" about whether the 2014 and 2015 breach reports might be linked, and declined to detail which digital forensics investigation firm it brought in to investigate the latest breach reports. In 2014, the company hired Verizon to investigate the breach.
