Article Lead Image

Have the Target hackers done it again?

Cosmetics company confirms cyberattack suspected for weeks.


Tim Sampson


Posted on Mar 18, 2014   Updated on May 31, 2021, 3:09 pm CDT

The same group of hackers that stole more than 40 million credit card numbers from Target last December appears to have struck again, this time targeting Sally Beauty Supply.

In a statement released Monday, the cosmetics company confirmed a data breach that has been suspected for weeks now. An initial forensics investigation by Verizon found that records from less than 25,000 cards were stolen in the attack. The company first reported an unauthorized attempt to invade its network on March 5.

Specifically, Sally Beauty says that “card-present” data was seized in the theft. This includes information like customer name, card number, expiration date and CVV. However, the company stressed that other data like social security numbers, birth dates, and PIN numbers most likely are not at risk.

But as cybersecurity blogger Brian Krebs – the first to break the story earlier this month – points out, card-present data includes the information contained on magnetic strips. This makes it easy for the hackers to make counterfeit cards used for making pricey purchases at big box stores that are then quickly resold for cash.

“We take this criminal activity very seriously,” the statement from Sally Beauty reads. “We continue to work diligently with Verizon on this investigation and are taking necessary actions and precautions to mitigate and remediate the issues caused by this security incident. In addition, we are working with the United States Secret Service on their preliminary investigation into the matter.”

The company advised its customers to check back on the corporate website for new information as it becomes available. Company officials said notifications will soon be sent out to affected customers once they have been identified. As is the case with any security breach, it is advisable for Sally Beauty customers to keep an close eye on their credit and debit card statements for signs of suspicious activity and to contact their bank or credit card company at the first sign of fraud.

The Texas-based cosmetics and hair supply company did not identify the hackers behind the security breach, but Krebs notes that the stolen cards first appeared for sale on the same fraud sites implicated in the attack on Target last December.

“That conclusion stemmed from purchases made by several banks at an archipelago of fraud sites that have been selling cards stolen in the Target breach,” Krebs wrote. “The first new batch of non-Target cards sold by this fraud network – a group of cards marketed under the label ‘Desert Strike’ – all were found by three different financial institutions to have been recently used at Sally Beauty stores nationwide.”

Though they may have been hit by the same group of fraudsters who attacked Target, the data theft from Sally Beauty pales in comparison. The attack on Target during the first two weeks of the busy holiday shopping season last year allowed thieves to collect data from more than 40 million cards. They also gained access to other personal information from more than 70 million customers. Despite the severity of the attack – one of the largest data breaches in U.S. history – a recent Bloomberg Businessweek investigation claims the theft could easily have been prevented had early warnings been heeded.

H/T Krebs on Security | Photo by Steve Rhodes/Flickr

Share this article
*First Published: Mar 18, 2014, 8:39 am CDT