May. 8th, 2015

thewayne: (Cyranose)
Twice in one year. Every store, over a quarter million cards compromised.

The thieves got in through a Citrix portal used by employees on the road.

“...The attackers somehow had login credentials of a district manager,” Curlovic said. “This guy was not exactly security savvy. When we got his laptop back in, we saw that it had his username and password taped to the front of it.”

ETA: Why did a district manager have wide access to the company network? Managers should have access to financial databases. Even IT people should have controls to prevent a single password compromise from betraying the whole network. When I was at the police department in the '90s, we had two computers: one was used for administrative work and had no email or internet access; the other was our normal working computer. (There were no virtual machines back then.) If I ever become a manager, I'm going to implement the same thing: your admin work will be done through a VM and won't have email access.

I think this manager who had his username and password taped to the front of the computer is fully deserving of a major demotion or outright firing. That is one of the most boneheaded moves that I've ever heard of.

https://krebsonsecurity.com/2015/05/deconstructing-the-2014-sally-beauty-breach/
