Fashion Retailer Guess Notified Data Breach
Reading Time: 2 minutes

Fashion retailer Guess notified data breach to affected customers after a ransomware attack in February.

The company sent breach notifications via email which said “A cybersecurity forensic firm was engaged to assist with the investigation and identified unauthorized access to Guess’ systems between February 2, 2021, and February 23, 2021.”

Further, the email said, “On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor.”

The retail store has around 1041 retail outlets in the Americas, Europe, and Asia and 539 stores across the world which includes its distributors and partners as of May 2021. It operates in almost 100 countries around the world.

Personal and Financial Information Stolen

The hackers managed to steal personal and financial information according to Guess after scrutinizing the documents stored on the breached systems on 3rd June 2021. The fashion retailer carried out an investigation on May 26, 2021, that revealed the details of the stolen data by bad actors.

Guess sent notification emails on June 9 to affected customers informing them about the data breach. It also offered complimentary identity theft protection services and one year of free credit monitoring through Experian to all impacted individuals.

Guess said, “The investigation determined that Social Security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired.”

According to information filed with the office of Maine’s Attorney General, it looks like nearly 1300 people were affected by the ransomware attack.

Information stolen by the bad actors includes Financial Account Number or Credit/Debit Card Number (in combination with security code, access code, password, or PIN for the account).

Post ransomware attack Guess has updated its security protocols and is cooperating with law enforcement as part of an ongoing incident investigation.

Who is Responsible for the Ransomware Attack?

The fashion retailer Guess has been listed on the DarkSide ransomware gangs data leak site. The ransomware gang has been active since August 2020 and claims to have stolen over 200GB worth of files from the retailer’s network before attempting to encrypt their systems.

DarkSide was also involved in the Colonial Pipeline ransomware attack earlier in May.

After a sudden shut down in late May, with increased scrutiny from law enforcement and few of their infrastructures brought down. Looks like they’re back in business.

Related Articles:

MariaDB launches distributed query engine into proprietary DBaaS
Ultra Guard Capsule – Tiny Portable UV Flashlights
Mandriva Linux Based – Mageia 8 Available with Updates