Nearly one year after disclosing a security intrusion that impacted more than 25,000 customers, Sally Beauty Holdings, Inc., confirmed that it has suffered another breach of its payment card systems.
After receiving reports "of unusual activity involving payment cards" used at some of the company's U.S. locations in late April, Sally Beauty announced it would launch a comprehensive investigation into the possible cyberattack. After more than a month, CEO Chris Brickman has finally revealed details about the breach.
According to a statement released by the company, "criminals used malware believed to have been effectively deployed on some of our point-of-sale systems at varying times between March 6 and April 17, 2015." The statement also noted that Sally Beauty doesn't store PIN data from debit cards, so that information would not have been exposed during the breach. The malware that caused the intrusion has now been eliminated from the company's POS systems.
Cybercriminals taking advantage of lax network security
In an interview with eSecurity Planet, cybersecurity expert Brad Cyprus said that malware making its way onto enterprise networks through POS systems is becoming increasingly common.
"This is the way that everyone is being hit, because as we've seen during the last two years, it costs nothing for data thieves to attempt to hack a business," said Cyprus. "What retailers need to understand is that every business is a worthwhile and valuable target."
Cyprus added that malware entering through a POS system is a sign that the cybercriminals behind the attack were not very sophisticated and were not using advanced methods, and that a wide variety of defense solutions could have allowed the company to avoid the situation.
Protecting enterprise networks, and especially POS systems, from malicious actors is one of the most important steps retailers can take to improve the defense of sensitive customer information. Had Sally Beauty been utilizing a network monitoring solution, it would have identified the malicious activity much sooner.
One of the most reliable ways companies can protect their sensitive data is by employing security information and event management services. A managed SIEM solution like FireBreak from ArcticWolf provides an organization with constant monitoring of its networks and analysis of the activity on those systems. Actionable threat information can be gathered from the analysis and used to create a more effective defense procedure.
Cybersecurity news and analysis brought to you by ArcticWolf, inventors of firebreak detection and response security services. FireBreak, when your firewall fails.