June 5, 2015

Share Everywhere

Are Second-Strike Data Breaches Putting You at Risk?

Although the phrase “lightning never strikes the same place twice” may be familiar, it’s untrue. Yet the myth persists, because it seems inconceivable that such a destructive and seemingly uncontrollable phenomenon could hit the exact same spot for a second time. Victims who are reeling from that first, painful jolt may be shocked to learn they can get struck again, even as they scramble to take preventative measures.

That’s probably how the executives at Sally Beauty are feeling.

The company first reported a data breach in mid-2014, noting that hackers had stolen information, including credit card numbers and security codes, about thousands of customers. Much like any company that’s been hit with a breach, Sally Beauty brought on security experts, employed computer forensics and even worked with the U.S. Secret Service.

Then, just a month ago, it happened again. Despite all of those protective measures and new security, another 25,000 customers were affected. Sally Beauty is now working with law enforcement and forensics experts in the hope that “data breach lightning” doesn’t happen a third time.

A Future Trend?

Although this kind of second-strike breach isn’t widespread yet, Sally Beauty isn’t the only company to report multiple attacks.

White Lodging Services Corporation, a hotel management company that operates properties like Marriott and Sheraton, reported in April that it was attacked for a second time, after suffering a malware incident in 2014. The company’s CEO said security measures that had been put in place following the first attack failed to stop a repeat occurrence.

Breaches can also hit different parts of a company system. In 2013, US Airways reported two data breaches that happened less than a month apart. The first targeted employees and exposed W-2 information, while the second affected the airline’s loyalty club members.

These secondary attacks are likely to become an increasing concern, especially since experts note that many companies have probably already been hacked but just don’t know it yet. That means, in some cases, hackers may be attacking multiple times to obtain customer records, and the thefts haven’t been detected.

Protecting Yourself

As companies attempt to deal with data breach issues, consumers should be focusing on identity theft prevention, with the full awareness that lightning can certainly strike twice.

Whether or not you’ve had your information exposed in a breach before, be sure to stay vigilant. That means checking credit card and bank statements thoroughly, obtaining your credit report regularly, and shredding unnecessary documents and receipts.

Another tactic for identity theft prevention is enrolling in a product like IdentityForce’s UltraSecure, which monitors your personal information 24/7 and notifies you quickly of any suspicious activity. If any identity theft damage does occur, IdentityForce will be with you every step of the way to help you restore your identity.

Image courtesy of Flickr user Alfred Payne.

Judy Leary

President at IdentityForce
For Judy, identity theft protection is in her DNA—her dad started IdentityForce’s parent company in the 70s, and in the 80s, she and her brother came on board. She loves her dedicated team and how much they care about every member, partner, and supplier. In addition to protection against identity theft, Judy is passionate about travel (Aruba is her “happy place”!) and giving back. She volunteers for the Alzheimer’s Association, Mazie Mentoring Program, and Sunshine Golden Retriever Rescue. She’s also a proud mom to 2 grown daughters and 3 rescue dogs.

Latest posts by Judy Leary (see all)

Join The Discussion

Your email address will never be published.