After recently announcing an investigation, Sally Beauty Supply now confirms that it has "sufficient evidence to confirm that an illegal intrusion into our payment system has indeed occurred." The retailer reported a similar breach in March 2014.
Some federal lawmakers are concerned that passing a national data breach notification law would weaken security protections found in certain states' statutes. That's a major reason getting a national law enacted will prove difficult.
One year after Sally Beauty Supply revealed that a network breach compromised payment card data and exposed 25,000 records, the company says it is investigating new breach reports. Did it fail to eradicate the original intrusion?
Knowing exactly when to share information with law enforcement in the wake of a breach is challenging, says Assistant U.S. Attorney William Ridgway, a featured speaker at ISMG's Fraud Summit Chicago on May 19.
Partners HealthCare System announced that it is the latest healthcare organization hit by a data breach attributed to a phishing attack. The records of an estimated 3,300 individuals may have been compromised in the incident.
Privacy advocates in the Senate have introduced a national data breach notification bill that would allow states to keep their own laws if they provide more stringent reporting and privacy protections than offered by the federal government.
A House committee approved on April 15 a national data breach notification bill, but the committee chairman concedes that the legislation isn't quite ready for a vote by the full House of Representatives.
White Lodging Services Corp. has revealed a malware attack against point-of-sale systems at 10 of the hotels it manages, potentially exposing payment card data. The disclosure comes about a year after it confirmed a similar malware-related breach.
The House Intelligence Committee has approved cyberthreat information sharing legislation that its leaders developed. Meanwhile, a national data breach notification bill has been introduced that's modeled on language proposed by the White House.
Efforts by some Democratic members of a House subcommittee to amend a national data breach notification bill so that states could retain tougher data security requirements have failed. The measure now advances to a full committee.
Witnesses testifying at a House hearing offered divergent views on the language of legislation to nationalize data breach notification, showing the challenges lawmakers face in crafting a bill that can pass Congress and be signed by the president.