DATA BREACH-Sally Beauty Supply Holdings, Inc.

On May 28, 2015, Sally Beauty publicly acknowledged a data breach had occurred due to malware that was placed on its point-of-sale registers at varying times from March 6 to April 17, 2015. Customer credit or debit card information used for purchases at Sally Beauty stores during this period may be at risk. However, the company does not believe PIN data is at risk, as this information is not collected or stored by POS system.

According to Sally Beauty, the data breach may have exposed cardholder data including card numbers, cardholder names, verification codes, and/or expiration dates.

Sally Beauty has purged the malware from its system, and is offering cardholders free identity protection services for up to 12 months. The company continues to work with federal law enforcement authorities, its banking partners, and security experts in order to make sure its customers are protected.

"We regret any inconvenience this incident may have caused our customers, and we want to reassure them that protecting our customers is our priority," said Chris Brickman, President and CEO. "Because we cannot pinpoint exactly which cards might have been affected during our reported date range, we are offering credit monitoring services to any customer who used their payment card at a U.S. Sally Beauty store between March 6th and April 17th of 2015. Customers who wish to take advantage of these free identity protection services can learn more through our website, sallybeautyholdings.com, or by contacting us at 1-866-234-9442 or customerserviceinquiry@sallybeauty.com."