Sally Beauty has confirmed that criminals did use malware on some of its point-of-sale systems at varying times between 6 March and 17 April 2015.
The announcement comes after the US firm alerted customers that there was an ilegal intrusion into its payment system but the scope of the intrusion was not previously known. The company has since been working with US law enforcement and third-party forensic experts to ensure that its customers are now protected.
The company has since eliminated the malware from its point of sale systems and has stressed that it does not collect or store any PIN data. Chris Brickman, President and CEO of Sally Beauty, said: "We regret any inconvenience this incident may have caused our customers and we want to reassure them that protecting our customers is our piority."
Brickman added that because the store could not pinpoint exactly which cards might have been affected during the named period, they would be offering credit monitoring services to any customer who used their payment card at a US Sally Beauty store during this time.