Sally Beauty felled by a recent payment system hack

A batch of 282,000 stolen credit and debit cards went on sale in a popular cybercrime store, and at least three banks went online to buy back the cards they had previously issued to customers.

To figure out where the hackers had found access to the credentials – they used a test known as the “common point of purchase.” Where were all the cards used during the same period of time?  The banks determined all the cards -- there were 15 total -- had been used within the last ten days at Sally Beauty locations across the country.

Sally Beauty spokeswoman Karen Fugate said the company recently detected an intrusion into its network, but that neither company computer experts nor an outside forensics firm could find evidence that customer card data had been stolen from the company’s systems.

“Fugate said Sally Beauty uses an intrusion detection product called Tripwire, and that a couple of weeks ago — around Feb. 24 — Tripwire detected activity,” KrebsOnSecurity reports. “Unlike other products that try to detect intrusions based on odd or anomalous network traffic, Tripwire fires off alerts if it detects that certain key system files have been modified.”

After a deconstruction of the methods used, an examination of network traffic, all company logs and all potentially accessed servers, “we found no evidence that any data got out of our stores,” Fugate said. “But our investigation continues.”

All of the banks reported fraud occurring on cards shortly after they were used at Sally Beauty, in the final week of February and early March.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.