Sally Beauty Holdings Inc. on Monday said it is investigating
reports of unusual activity involving payment cards at some stores,
a year after disclosing a breach that affected more than 25,000
customer records.
The Texas-based retailer said it has been working with law
enforcement and its credit-card processor but until the
investigation is complete, "it is difficult to determine with
certainty the scope or nature of any potential incident."
Last March, Sally Beauty reported an attempted data breach that
it later determined to have affected more customers than initially
estimated. The company said at the time that it believed it had
shut down the attack.
A spokesman for the company confirmed that the investigation
announced Monday is a new potential breach of card data.
The possible breach follows a string of high-profile incidents
over the past few years. Target's 2013 breach, which compromised 40
million credit- and debit-card accounts, has led to renewed calls
for merchants to upgrade their checkout terminals to accept cards
that are embedded with computer chips that are more difficult for
thieves to replicate.
Merchants face an October deadline to upgrade their equipment,
as fraud liability will shift from banks to merchants under certain
circumstances.
Write to Lisa Beilfuss at lisa.beilfuss@wsj.com
Subscribe to WSJ: http://online.wsj.com?mod=djnwires