Guess, an American fashion brand, was hit by a ransomware attack in February, and the company has now announced a data breach and notified affected customers.
The attack was most likely carried out by the DarkSide ransomware gang, which claimed to have stolen over 200 GB of data from Guess in April on their data breach site.
With the help of a cybersecurity forensic firm, the company examined the security breach and discovered that an unauthorized actor had access to personal information held in Guess systems.
“The investigation determined that there was unauthorized access to certain Guess systems between February 2, 2021, and February 23, 2021. On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor. The investigation determined that Social Security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired.” reads the breach notification letter sent to the impacted users and reported by BleepingComputer.
As of May 2021, Guess operates 1,041 retail stores in the Americas, Europe, and Asia, with another 539 stores operated by its distributors and partners around the world.
Guess stores are present in more than a hundred countries throughout the world.
Threat actors did not obtain access to consumer payment card information, according to the company, and the security breach had no substantial impact on operations or financial results.
On July 9th 2021, the fashion store began sending notification emails to those whose information may have been compromised.
Individuals affected by the security breach will receive a complimentary year of identity theft protection and credit monitoring services through Experian.
The company has yet to identify the number of people affected as of this reporting, however information submitted by the company to Maine’s Attorney General’s office indicates that a little over 1,300 people were affected.
Guess has taken further steps to improve the security of its infrastructure in the hopes of preventing a repeat of the incident.
Despite the fact that Guess provided no information about the threat actor behind the ransomware attack, DataBreaches.net reported in April that the DarkSide ransomware gang had identified Guess on its data leak site.
Before attempting to encrypt the systems, the ransomware gang claimed to have stolen over 200 GB of data from the fashion retailer’s network.
You might also like:
Magecart hackers hide stolen credit card data into images and fake CSS files
Mint Mobile data breach: Hackers accessed personal data
Kaseya issued fixes for flaws exploited in REvil ransomware attack