
The Green Sheet Online Edition

June 08, 2015  •  Issue 15:06:01


Second Sally Beauty breach a 'wake-up call'

Denton, Texas-based specialty retailer Sally Beauty Holdings Inc. revealed on May 15, 2015, that it had suffered its second security breach in less than two years. The publicly traded company, with approximately 4,800 stores worldwide and annual revenues of $3.8 billion, withheld details on the recent attack but confirmed it is fully cooperating with ongoing investigations.

Sally Beauty President and Chief Executive Officer Chris Brickman declined to speculate on details of the intrusion, deferring to the ongoing forensics investigation. He did, however, encourage customers to monitor payment card and bank accounts for suspicious activity.

"We are working diligently to address the issue and to care for any customers who may have been affected by the incident," he stated, while noting that customers will not be responsible for fraudulent charges to their accounts if said charges are promptly reported. The company also established a toll-free hotline and email address for customers to direct concerns about the breach.

Second call to first responders

In March 2014, Sally Beauty became aware of an unauthorized intrusion into its internal processing systems, affecting approximately 25,000 customer records. Four card issuers subsequently traced fraudulent transactions to payment cards linked to the attack. Security analysts believe account details for approximately 260,000 credit and debit cards were stolen.

The company said it hired Verizon Communications Inc. to conduct an investigation and lead efforts to "remediate and mitigate the issues caused by this security incident." These efforts included offering a free year of credit monitoring and identity theft protection to consumers whose cards may have been affected.

The security community views the second breach at Sally Beauty as a wake-up call for retailers, demonstrating the need for ongoing vigilance and compliance.

"This second Sally breach illustrates how vulnerable companies continue to be, even when they should be on notice," said Michele Borovac, Vice President of Marketing at HyTrust, a cloud-security company based in Mountain View, Calif. She went on to say that attackers are getting smarter and that sometimes even the best perimeter measures are not enough to "stop the kill chain."

Multipronged security benefits

Borovac and her team have seen a recurring pattern in recent breaches, in which attackers have used administrator credentials to gain access to internal security systems. Many security analysts consider multipronged data security strategies, which combine compatible technologies and services, to be the best defense against cyber attacks.

Marcin Kleczynski is CEO of Malwarebytes, an anti-malware solutions provider. In recent years Kleczynski and his colleagues have seen a marked uptick in cyber attacks across multiple industries. The majority focus primarily on stealing financial data. "The financial industry needs to make a greater effort toward evolving our current digital payment technologies to something far more secure," he said.

Kleczynski urged consumers to demand greater security in the financial world and encouraged business owners to adopt smarter, more secure technologies. We can enhance security and protect consumer data by "employing, or at least experimenting with, numerous security technologies like two factor authentication, chip and PIN and even dynamic card numbers," he said.

Dr. Mike Lloyd, Chief Technology Officer at cyber-analytics platform RedSeal Inc., recommended the use of automated technologies to help identify security gaps before breaches occur. "Much like a chain, a network is only as strong as its weakest links, and it's very clear now that we face persistent thieves, organized like ants, who will find whatever we leave open to take," he said.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
