Another Day, Another Retailer in a Massive Credit Card Breach
number657/Flickr
By Karen Weise

The corporate hacks keep coming. The latest target, according to cybersecurity blogger Brian Krebs, is the beauty supply chain Sally Beauty (SBH), a retailer that draws customers from salons and other stylists.

A new batch of 282,000 stolen debit and credit cards were posted for sale this week on underground marketplaces, and Krebs believes they have been used at one of Sally Beauty's 2,600 stores. It's the latest scoop from Krebs, who has managed to penetrate the criminal underground to break major stories, including the Target (TGT) and Neiman Marcus hacks.

He used a similar technique to help triangulate the source of the Sally Beauty data breach, working with banks to buy back some of their compromised cards and analyze which stores had transactions on each account.
Krebs says the underground marketplaces offering the stolen Sally Beauty card data were also affiliated with the same young Ukrainian man whom he has linked to sales of data purloined from Target.

Sally Beauty's spokeswoman Karen Fugate walked Krebs through the company's efforts to investigate a possible breach. She said the retailer first noticed suspicious activity around Feb. 24, but so far investigators, including Verizon (VZ) Enterprise Solutions, have been unable to detect any hacks.

The highly publicized Target breach, coming in the middle of the key holiday shopping season, helped drag down store traffic this winter. But investors have rallied behind the company recently as Target moves to repair the damage caused by the hack. On Wednesday, Target announced an overhaul of its security operations, bringing in a new high-level executive to replace the outgoing head of information security, Beth Jacob, who resigned Wednesday.

The rash of retail-related breaches has intensified the battle between banks and retailers over who should be responsible when a store is hacked. Just minutes before the Sally Beauty news broke, the National Retail Federation submitted a statement to the House asking Congress to resolve the feud in a "holistic fashion."

Weise is a reporter for Bloomberg Businessweek in New York. Follow her on Twitter @kyweise.


More From Businessweek:


Increase your money and finance knowledge from home

Investing in Startups

The lucrative and risky world of startups.

View Course »

Forex for Beginners

Learn about trading currencies and foreign exchange transactions

View Course »

Add a Comment

*0 / 3000 Character Maximum

7 Comments

Filter by:
Tom

I'm sure that both people that have signed on an paid will find this information useful.

March 07 2014 at 5:30 AM Report abuse +2 rate up rate down Reply
keycoins

Cash is still King.

March 07 2014 at 1:58 AM Report abuse +1 rate up rate down Reply
Crashmendero8

How about just using CASH!!!!!

March 06 2014 at 9:17 PM Report abuse +1 rate up rate down Reply
bdgrizcp

You know, it wasn't that long ago that we had NONE of the tools we have for protecting ourselves from this kind of theft. There is no account you can't (as far as I know) track on line 24/7 and they all have fraud services up and running 24/7. We all have to be vigilant as regards our cash. I have run into a scam or two and been skunked once or twice but it was only because I track my accounts that I caught these things before any real damage was done and my loss was zero. The worst was a very scary e-mail I got from B of A regarding a scam. I smelled something fishy and sent the e-mail to B of A's fraud people--who, a couple of days later, called me to tell me they actually caught the people running this scam. You do realize we all pay for convenience, right? It's a simple fact of life.

March 06 2014 at 5:18 PM Report abuse +1 rate up rate down Reply
Ray

We are totally insane in this country with the BS we as consumers put up with.
Get the darn "chip" in the card, already! Business' don't want to pay for it, fine. I will not shop then.
I will pay cash, if I need stuff. And there will be no "impulse buying." I'll fix em.

March 06 2014 at 12:28 PM Report abuse +11 rate up rate down Reply
1 reply to Ray's comment
M

'Round about 15 years ago, my wife had a TARGET card with the chip technology in it. I still have the reader that could be hooked up to a home computer.

What happened? Was that a limited area trial? Anybody know?

March 08 2014 at 7:07 AM Report abuse rate up rate down Reply
Stan's bizmail

Face it....the world and it's puny minded moralless clumps of cells just aren't ready for things like the internet.....pervs, crimminals, hucksters, stalkers, bullies.....whole new masses of them due to it.....but, it's oh boy! everything all the time 24/7....

March 06 2014 at 12:08 PM Report abuse +3 rate up rate down Reply