Sally Beauty: Investigation Confirms Customer Payment Info May Have Been Put At Risk, But Not Debit PINs

Three weeks after Sally Beauty first said it was looking into whether it’d been the victim of a hack attack, the company says it’s confirmed that criminals used malware on some of its point-of-sale systems, possibly exposing payment information for customers who used cards at some of its U.S. stores.

Criminals deployed the malware at certain stores during “varying times” between March 6 and April 17, the company said in a press release, though it’s unclear how many stores or how many customers were affected.

Although payment information may have been at risk for some customers, Sally Beauty says it has “no reason to believe, and has no information to suggest that debit card PINs may have been impacted.”

It says it’s eliminated the malware from all Sally Beauty point-of-sale systems.

“We regret any inconvenience this incident may have caused our customers, and we want to reassure them that protecting our customers is our priority,” said Chris Brickman, President and CEO in the press release, adding that because the company “cannot pinpoint exactly which cards might have been affected during our reported date range,” it’s offering credit card monitoring services to anyone who used a credit or debit card at Sally Beauty store between March 6 and April 17.

Customers who wish to take advantage of the free identity protection services can go to sallybeautyholdings.com; call 1-866-234-9442 or email customerserviceinquiry@sallybeauty.com.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.