Data leak
Sally Beauty POS Breach: 25,000 Payment Cards (Second Breach)
Incident Details
In May 2015, Sally Beauty Holdings disclosed its second payment card breach in approximately one year. The beauty supply retailer discovered unauthorized access to payment card data from its point-of-sale systems at certain store locations. Approximately 25,000 customer payment card records were compromised. Fraud researchers at KrebsOnSecurity reported in May 2015 that a batch of stolen cards, dubbed ‘Belladonna’ by underground card shops, had been traced back to Sally Beauty customers. The company confirmed it was investigating POS malware at stores. Sally Beauty’s first breach (disclosed March 2014) had also involved POS malware and approximately 282,000 cards. The recurrence of a similar attack suggested persistent vulnerabilities in the company’s POS security posture. Sally Beauty hired a forensics firm to investigate, notified affected customers, and issued replacement cards in coordination with card issuers.
Technical Details
- Initial Attack Vector: POS malware. Attackers installed RAM-scraping malware on Sally Beauty point-of-sale systems to capture payment card track data at checkout; similar attack methodology to the retailer's first breach in 2014.
- Malware Family: POS RAM-scraping malware
Timeline
- 2015-03-01 Breach occurred
- 2015-05-18 Publicly disclosed
- 2015-05-18 Customers notified