Sally Beauty Holdings Inc. now believes its previously disclosed security breach might have resulted in the theft of nearly 25,000 records.
The company said on March 5 that it had become aware of an “attempted intrusion” of its Sally Beauty Supply LLC network but had no reason to believe that customer data had been compromised. Sally Beauty Supply sells beauty products directly to the public through a network of stores and beauty consultants.
However, after retaining Verizon to investigate the incident, the company said Monday it “discovered evidence that fewer than 25,000 records containing card-present…payment card data have been illegally accessed on our systems and we believe it may have been removed.”
The company said that it is continuing to “work diligently with Verizon” on the investigation and with the U.S. Secret Service on its preliminary probe into the matter.
It noted that it is difficult to ascertain the scope of such a breach before the completion of the forensic investigation.
Shares Monday closed ahead 1.1 percent, at $27.75, following the disclosure.
Data breaches have become a growing concern for U.S. consumers who rely on credit and debit cards. A breach at Target Corp. late last year might have affected more than 100 million customers while Neiman Marcus Group Ltd. LLC said in January that a cyber theft last year might have impacted 1.1 million of its customers.
A theft of consumer information through use of malware occurred at The TJX Cos. Inc. in 2007 and affected 45.7 million of its customers. Ringleader Albert Gonzalez was sentenced to 20 years imprisonment in 2010 for his role in that scheme.