A few days ago Sally Beauty issued a statement about a security incident at the company.
Brian Krebs interviewed an ex ex-employee of Sally Beauty, who was among the first to respond to another incident in 2014.
Hackers infiltrated the company’s network and stole thousands of customer’s credit card information.
According to the ex-employee : “the intruders gained access through a Citrix remote access portal set up for use by employees who needed access to company systems while on the road”.
The attackers somehow had login credentials of a district manager
“This guy was not exactly security savvy. When we got his laptop back in, we saw that it had his username and password taped to the front of it.”
The hackers found a Visual Basic script on Sally Beauty’s network “that contained the username and password of a network administrator”.
That allowed them to basically copy files to the cash registers