Fashion chain Guess suffers data breach following ransomware attack

Six-page letter doesn’t share very many details about the attack

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Popular American clothing brand and retailer Guess is snail mailing its customers alerting them about a data breach as part of aransomwareattack on the brand earlier this year in February.

According to the six-page letter, a copy of which has been seen byBleepingComputer, the company hired acybersecurityforensics firm to assess the extent of the damage.

“The investigation determined that there was unauthorized access to certain Guess systems between February 2, 2021 and February 23, 2021. On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor,” reveals Guess in thenotification letter.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

Click here to start the survey in a new window«

While the breach notification letter doesn’t mention the total number of individuals impacted by the breach,BleepingComputerhas learnt through information filed with the office of Maine’s Attorney General that the firm believes that the attack exposed data of just over 1300 people.

Anyone’s guess

Anyone’s guess

In the notification letter, Guess shares that the investigation by the forensic experts reveals that the threat actors could have accessed or exfiltrated the Social Security numbers, driver’s license numbers, passport numbers, and “financial account numbers."

“Following completion of the review of the documents that were potentially accessed, additional work was required to identify addresses for involved individuals. This work was completed on June 3, 2021,” informs the notification letter.

As it began notifying the affected users, Guess also offered complimentary one-year membership tocredit monitoringandidentity theft protectionservices throughExperianto their impacted customers.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

While Guess hasn’t provided any details about the identity of its cyber tormentor, or whether it coughed up the ransom,BleepingComputerpoints towards DarkSide based on therevelations made by DataBreaches.netwho claimed the ransomware gang listed Guess as one of their victims.

DarkSide hasapparently gone quietafter law enforcement went after the gang following itsattack on the Colonial Pipeline, which disrupted fuel supply across the US in May, 2021.

ViaBleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

How to turn off Meta AI