Fashion retailer Guess discloses data breach after ransomware attack
American fashion brand name and also retailer Guess is informing impacted consumers of a data breach complying with a February ransomware attack that resulted in data burglary.
“A cybersecurity forensic firm was engaged to assist with the investigation and identified unauthorized access to Guess’ systems between February 2, 2021 and February 23, 2021,” the firm stated in breach alert letters mailed to affected consumers.
“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor.”
Guess straight runs 1,041 retailers in the Americas, Europe, and also Asia, and also its representatives and also companions an additional 539 added shops worldwide since May 2021. The shops component of Guess’ retail network presently run in about 100 nations all over the world.
Personal and also monetary information swiped in the attack
The fashion retailer determined the addresses of all affected people after finishing a complete testimonial of the papers kept on breached systems on June 3, 2021.
Guess started mailing breach alert letters to impacted consumers on June 9, using free identification burglary security solutions and also one year of complimentary credit score surveillance with Experian to all affected people.
According to the breach alerts sent by mail on Friday, info revealed in the attack consists of individual and also fin
“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor,” Guess stated.
“The investigation determined that Social Security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired.”
While the breach alert letters do not expose the variety of damaged people, info submitted with the workplace of Maine’s Attorney General reveals that simply over 1,300 individuals had their data revealed or accessed throughout the February attack.
The submitted breach information likewise exposes that the info gotten throughout the case consists of “Financial Account Number or Credit/Debit Card Number (in combination with security code, access code, password or PIN for the account).”
Guess has actually applied added steps to enhance its protection methods and also is accepting police as component of a recurring case examination.
DarkSide ransomware most likely behind the attack
Even though Guess did not give any kind of information on the identification of the risk star behind the ransomware attack, DataBreaches.net reported in April that the DarkSide ransomware gang provided Guess on their data leakage website.
At the moment, the ransomware team declared to have actually swiped over 200 GB well worth of data from the fashion retailer’s network prior to trying to secure their systems.
DarkSide has actually been energetic considering that at the very least August 2020, concentrating on business networks and also asking countless bucks for decryptors and also the pledge not to leakage the swiped data online.
The ransomware gang landed in the crosshairs of United States police after removing Colonial Pipeline, the biggest gas pipe in the United States, in May.
After enhanced analysis from police and also having a few of their facilities took or lowered, DarkSide instantly closed down in late May, apparently out of worry of being apprehended.
A Guess agent was not readily available for remark when BleepingComputer connected for additional information previously today.