Sally Beauty confirms card data breach, 25,000 customers affected

Sally Beauty Holdings (NYSE: SBH) said Monday that credit card data from up to 25,000 customer accounts was compromised in a systems breach discovered on Mar. 5.

The attack could be the work of the same criminals who stole 40 million credit and debit cards from Target, reports KrebsOnSecurity.

"We have now discovered evidence that fewer than 25,000 records containing card-present (track 2) payment card data have been illegally accessed on our systems and we believe it may have been removed," Sally Beauty said in a statement.

The Denton, Texas-based seller of beauty supplies says it is investigating with a forensics firm and is working with the U.S. Secret Service.

Sally Beauty currently owns and operates more than 2,800 Sally Beauty Supply stores worldwide, including stores in Puerto Rico, Canada and every state in the U.S.

This data breach follows wide-scale attacks on Target (NYSE:TGT) and Neiman Marcus that occurred during the critical holiday shopping season. Last month, Target reported a 46 percent decline in fourth-quarter profit, as costs related to the breach weighed on the retailer's earnings. Target was hit with $61 million in quarterly expenses from the breach.

Most recently, U.K. grocer Morrisons came under attack when personal information from about 100,000 of its employees was leaked by an insider and posted on the Internet. The information included names, addresses and bank account details of staffers from all levels of the organization.

For more:
-See this Sally Beauty press release
-See this KrebsOnSecurity article

Related stories:
Target: Timeline of a data breach
Target's data breach is a story with long legs
Target breach: Heating vendor confirmed as hackers' entry point
Target to install chip and PIN card readers, says that only 25 registers were to blame for massive breach
The story of how Target had chip and PIN cards, but failed to keep them