(Reuters) - Sally Beauty Holdings Inc confirmed that criminals used malware at some of its point-of-sale systems between March 6 and April 17.
"... Payment card information of customers that used cards at affected U.S. Sally Beauty stores during this time may have been put at risk," the company said.
The company began investigating a possible security incident after it received reports of unusual activity in late April involving payment cards used at some of its U.S. stores.
Sally Beauty said on Thursday it does not collect or store personal identification number (PIN) data and therefore had no reason to believe that debit card PINs may have been impacted.
A string of retailers including Home Depot Inc and Target Corp have reported large-scale data breaches at their stores in the past couple of years.
Reporting by Yashaswini Swamynathan in Bengaluru; Editing by Maju Samuel