The number of cards compromised is at least 10x the number reported (fewer than 25,000), according to Brian Krebs. An analysis has been done of the zip codes of the cards stolen that are available for sale, and it looks like every SB store in the USA was compromised, just like Target.
A similar analysis was done on the Target breech cards, matching the zip codes of the stores with the zip codes of the site selling the cards, they found that the selling site had the zip code of the card, with a 99%+ correlation between store zip and customer zip. The reason for also including the zip code information is that the banks didn't want to inconvenience their customers so close to Christmas, so they geo-fenced the cards, meaning that the stolen card info could be used within the customer's home zip code area.
http://krebsonsecurity.com/2014/03/zip-codes-show-extent-of-sally-beauty-breach/
A similar analysis was done on the Target breech cards, matching the zip codes of the stores with the zip codes of the site selling the cards, they found that the selling site had the zip code of the card, with a 99%+ correlation between store zip and customer zip. The reason for also including the zip code information is that the banks didn't want to inconvenience their customers so close to Christmas, so they geo-fenced the cards, meaning that the stolen card info could be used within the customer's home zip code area.
http://krebsonsecurity.com/2014/03/zip-codes-show-extent-of-sally-beauty-breach/