After recently announcing an investigation, Sally Beauty Supply now confirms that it has "sufficient evidence to confirm that an illegal intrusion into our payment system has indeed occurred." The retailer reported a similar breach in March 2014.
A judge's decision to allow MasterCard's settlement with Target to stand isn't likely to be appealed and could discourage banking institutions, some experts say, from continuing to pursue a breach-related class-action lawsuit they filed against the retailer.
It's unlikely that the same hackers that hit Sally Beauty in 2014 struck the company a second time this year, several threat intelligence experts say. Find out the latest theories about what may have led to the apparent second breach of the retailer.
The latest victim of malware attacks against point-of-sale system vendor NEXTEP is foodservice management company Compass Group, which says payment card data for up to 70,000 users of self-service kiosks was exposed.
As the U.S. completes its payments migration to the EMV chip, merchants and card issuers should be bracing for an uptick in card-not-present fraud, says Carol Alexander, head of payment security at software provider CA Technologies.
A class-action suit filed by U.S. banks and credit unions that's pending against Target could prove fruitful for the banks and credit unions, says attorney Chris Pierson, chief security officer at invoicing and payments provider Viewpost.
White Lodging Services Corp. has revealed a malware attack against point-of-sale systems at 10 of the hotels it manages, potentially exposing payment card data. The disclosure comes about a year after it confirmed a similar malware-related breach.
Some merchants want to postpone the EMV-related fraud liability shift, which major card brands have slated for October. But Randy Vanderhoof of the EMV Migration Forum sees "no reason to move the date."
The Target breach was the hot topic for many RSA 2014 attendees, but Gartner's Avivah Litan was already talking about the next Target - a UK retailer that may have suffered a similar hack, exposing payment card data.
Experts debate the value of new PCI guidance for how businesses should use penetration testing to identify network vulnerabilities that could be exploited for malicious activity. Does the new advice go far enough?