The Sally Beauty chain confirmed Thursday that it has suffered its second data breach in just over two years.
The beauty products seller notified customers earlier this month that it was investigating reports of unusual activity on payment cards used at some of its U.S. locations.
Sally Beauty Holdings would not talk about the scope of the illegal intrusion Thursday because the investigation is ongoing. Its shares have fallen almost 5% in the past month.
“We are working diligently to address the issue and to care for any customers who may have been affected by the incident,” CEO Chris Brickman said, in a printed statement.
The Denton, Texas, company said customers won’t be responsible for fraudulent charges that are promptly reported.
Sally Beauty had a security breach in March 2014 that affected the credit and debit card accounts of thousands of customers. The company offered one free year of credit monitoring and identity-theft protection to customers who may have been affected by that incident.
A number of retailers have been hit in recent years by damaging data breaches, most notably Target, when some 40 million debit and credit cards were compromised.
There has been a push by consumer rights groups and others for retailers to upgrade their security. Banks and credit card issuers are already moving in that direction.
On Tuesday, JPMorgan Chase said it would replace all of its customers’ debit cards with more secure chip-based cards nationwide and it expects to have chips on 70% of its debit cards by the end of 2015.
Sally Beauty sells and distributes products through 4,900 stores, including about 200 franchised units, in the U.S., the U.K., Belgium, Chile, Colombia, Peru, France, the Netherlands, Canada, Puerto Rico, Mexico, Ireland, Spain and Germany.