Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Fashion Retailer Guess Notifies Users of Data Breach

Fashion retailer Guess last week confirmed that the personal data of some customers was compromised in a ransomware attack it suffered in February 2021.

Fashion retailer Guess last week confirmed that the personal data of some customers was compromised in a ransomware attack it suffered in February 2021.

In a filing with the Maine Attorney General’s Office last week, the company said it fell victim to a ransomware attack in February this year, and an investigation it launched into the incident has revealed that some user data was accessed by the hackers.

The incident, Guess says, was discovered on February 19. In addition to attempting to encrypt files on the organization’s systems and disrupt its operations, the adversaries were able to access “certain Guess systems between February 2, 2021 and February 23, 2021.”

According to Guess, it was only in late May that it discovered that the adversary indeed accessed users’ personal information, including “Social Security numbers, driver’s license numbers, passport numbers and/or financial account numbers.”

In the data breach notification filing, Guess revealed that a total of 1,304 individuals are believed to have been affected in the incident, including four Maine residents. The company started notifying the affected users on July 9.

The fashion retailer also says that it has implemented additional measures to improve its network security and mitigate the risks of similar incidents occurring in the future.

DataBreaches.net reported that the attack on Guess was launched by the DarkSide group, which also targeted Colonial Pipeline earlier this year. DarkSide apparently shut down operations following the attack on Colonial Pipeline, but before doing so, they claimed to have stolen 200 Gb of files from the fashion retailer.

“We notified law enforcement and are cooperating with their investigation. We also implemented additional measures to enhance our security protocols. We regret that this occurred and apologize for any inconvenience,” the company says in the notification letter to the affected individuals.

Advertisement. Scroll to continue reading.

The American clothing brand and retailer also makes accessories, such as bags, jewelry, perfumes, and watches. The company has more than 1,000 retail stores in the Americas, Europe and Asia, and, as of January 2021, also operated 524 additional retail stores worldwide.

Related: Insurer CNA Discloses Ransomware Attack

Related: RNC Says No Data Accessed in Synnex Breach

Related: Volkswagen America Discloses Data Breach Impacting 3.3 Million

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.