Sally Beauty Holdings (SBH) has begun investigating a data breach that may have affected 25,000 customer records.

And as a result, the professional beauty supplies company topped this week’s list of IT security newsmakers, followed by Consumer Reports, Tiversa and Ponemon Institute.

What can managed service providers (MSPs) and their customers learn from these IT security newsmakers? Check out this week’s list of IT security stories to watch to find out:

1. Hackers attack Sally Beauty

Sally Beauty is working with law enforcement and its credit card processor to investigate reports of unusual activity involving payment cards at some of its stores. PC World pointed out that the incident occurred after Sally Beauty recently updated its point-of-sale (POS) systems across its U.S. locations.

Hackers stole payment card information in February 2014 from several Sally Beauty stores, but Sally Beauty officials did not say whether the most recent data breach was related to last year’s incident.

“It is difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers,” the company said in a prepared statement.

2. Data from more than 70 million Americans exposed last year

A new Consumer Reports study of 3,000 Americans projected that more than 70 million Americans discovered that their personal information had been compromised in 2014. The study revealed 79 percent of those notified of a data breach were told by a brick-and-mortar store or financial institution, while 18 percent said the problem originated with an online retailer.

This study also highlighted the need for stronger consumer protections against data breaches, according to Consumer Reports.

“Congress needs to set strong federal standards for defending consumer data while allowing states to enact or maintain more stringent laws if necessary to protect their residents,” Ellen Bloom, senior director of Consumer Reports’ advocacy branch, said in a prepared statement.

3. Did Tiversa extort some of its customers?

Cybersecurity provider Tiversa allegedly used fake hacks and extortion to get customers to buy its services, an ex-Tiversa employee told CNNMoney.

Richard Wallace, a former Tiversa investigator, claimed that Tiversa used these tactics against Atlanta-based cancer testing center LabMD. Tiversa, however, has denied Wallace’s accusations.

“This is an overblown case of a terminated employee seeking revenge,” Tiversa CEO Bob Boback said. “Tiversa has received multiple awards from law enforcement for our continued efforts to help support them in cyber activities.”

4. Ponemon: Healthcare industry cyber attacks on the rise

A new study from Ponemon Institute and ID Experts revealed the healthcare industry is experiencing a surge in data breaches, security incidents and criminal attacks.

The study showed that criminal attacks in healthcare are up 125 percent since 2010 and are now the leading causes of data breaches. In addition, the study revealed that most healthcare organizations are not prepared to address today’s rapidly changing cyber threat environment and lack the resources and processes to protect patient data.

“We are seeing a shift in the causes of data breaches in the healthcare industry, with a significant increase in criminal attacks,” Ponemon Institute founder Dr. Larry Ponemon said in a prepared statement. “Since first conducting this study, healthcare providers are starting to make investments to protect patient information, which need to keep pace with the growing cyber threats.”

What do you think will be the biggest IT security stories for MSPs this week? Share your thoughts in the Comments section below, via Twitter @dkobialka or email me at [email protected].