Customers of colossal cosmetics retailer Sally Beauty Supply are being advised to check their credit card statements after the company admitted it was breached for the second time in a little over a year.
The company's admission follows its previous stonewalling of requests for comment after media learned that the FBI was on-site and investigating a likely data breach.
The company issued a statement overnight that said it has forensics teams on hand investigating the potential breach.
"Sally Beauty Holdings is currently investigating reports of unusual activity involving payment cards used at some of our US Sally Beauty stores," the statement reads.
"Since learning of these reports, we have been working with law enforcement and our credit card processor and have launched a comprehensive investigation with the help of a leading third-party forensics expert to aggressively gather facts while working to ensure our customers are protected.
Until this investigation is completed, it is difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers."
While the company says security "remain our priority" it seems it is unable to adequately protect customer data. Its systems were breached March 5th last with over 30,000 customers affected. The latest breach likely involves a similar number.
The incident raises questions about a national data breach disclosure law given the company has known of the breach for some time yet only alerted customers after word the incident was leaked.
This prevents customers from notifying banks and taking other measures to minimize the impact the data theft has on their finances and credit profile.