The beauty products seller notified customers earlier this month that it was investigating reports of unusual activity on payment cards used at some of its U.S. locations.
Sally Beauty Holdings Inc. would not talk about the scope of the illegal intrusion Thursday because the investigation is ongoing. Its shares have fallen almost 5 per cent in the past month.
"We are working diligently to address the issue and to care for any customers who may have been affected by the incident," CEO Chris Brickman said in a printed statement.
The Denton, Texas, company said customers won't be responsible for fraudulent charges that are promptly reported.
Customers who have concerns about their payment cards can call a customer service hotline at 1-866-234-9442 or email firstname.lastname@example.org.
Sally Beauty had a security breach in March 2014 that affected the credit and debit card accounts of thousands of customers. The company offered one free year of credit monitoring and identity-theft protection to customers who may have been affected by that incident.
A number of retailers have been hit in recent years by damaging data breaches, most notably Target Corp., when some 40 million debit and credit cards were compromised.
There has been a push by consumer rights groups and others for retailers to upgrade their security. Banks and credit card issuers are already moving in that direction.
On Tuesday, JPMorgan Chase said that it will replace all of its customers' debit cards with more secure chip-based cards nationwide and it expects to have chips on 70 per cent of its debit cards by the end of 2015.
Sally Beauty sells and distributes products through 4,900 stores, including about 200 franchised units, in the U.S., the U.K., Belgium, Chile, Colombia, Peru, France, the Netherlands, Canada, Puerto Rico, Mexico, Ireland, Spain and Germany.