Although the phrase “lightning never strikes the same place twice” may be familiar, it’s untrue. Yet the myth persists, because it seems inconceivable that such a destructive and seemingly uncontrollable phenomenon could hit the exact same spot for a second time. Victims who are reeling from that first, painful jolt may be shocked to learn they can get struck again, even as they scramble to take preventative measures.
That’s probably how the executives at Sally Beauty are feeling.
The company first reported a data breach in mid-2014, noting that hackers had stolen information, including credit card numbers and security codes, about thousands of customers. Much like any company that’s been hit with a breach, Sally Beauty brought on security experts, employed computer forensics and even worked with the U.S. Secret Service.
Then, just a month ago, it happened again. Despite all of those protective measures and new security, another 25,000 customers were affected. Sally Beauty is now working with law enforcement and forensics experts in the hope that “data breach lightning” doesn’t happen a third time.
A Future Trend?
Although this kind of second-strike breach isn’t widespread yet, Sally Beauty isn’t the only company to report multiple attacks.
White Lodging Services Corporation, a hotel management company that operates properties like Marriott and Sheraton, reported in April that it was attacked for a second time, after suffering a malware incident in 2014. The company’s CEO said security measures that had been put in place following the first attack failed to stop a repeat occurrence.
Breaches can also hit different parts of a company system. In 2013, US Airways reported two data breaches that happened less than a month apart. The first targeted employees and exposed W-2 information, while the second affected the airline’s loyalty club members.
These secondary attacks are likely to become an increasing concern, especially since experts note that many companies have probably already been hacked but just don’t know it yet. That means, in some cases, hackers may be attacking multiple times to obtain customer records, and the thefts haven’t been detected.
As companies attempt to deal with data breach issues, consumers should be focusing on identity theft prevention, with the full awareness that lightning can certainly strike twice.
Whether or not you’ve had your information exposed in a breach before, be sure to stay vigilant. That means checking credit card and bank statements thoroughly, obtaining your credit report regularly, and shredding unnecessary documents and receipts.
Another tactic for identity theft prevention is enrolling in a product like IdentityForce’s UltraSecure, which monitors your personal information 24/7 and notifies you quickly of any suspicious activity. If any identity theft damage does occur, IdentityForce will be with you every step of the way to help you restore your identity.
Image courtesy of Flickr user Alfred Payne.