[BreachExchange] Fashion Retailer Guess Notifies Users of Data Breach

[Sophia Kingsbury]

https://www.securityweek.com/fashion-retailer-guess-notifies-users-data-breach

Fashion retailer Guess last week confirmed that the personal data of some
customers was compromised in a ransomware attack it suffered in February
2021.

In a filing with the Maine Attorney General’s Office last week, the company
said it fell victim to a ransomware attack in February this year, and an
investigation it launched into the incident has revealed that some user
data was accessed by the hackers.

The incident, Guess says, was discovered on February 19. In addition to
attempting to encrypt files on the organization’s systems and disrupt its
operations, the adversaries were able to access “certain Guess systems
between February 2, 2021 and February 23, 2021.”

According to Guess, it was only in late May that it discovered that the
adversary indeed accessed users’ personal information, including “Social
Security numbers, driver's license numbers, passport numbers and/or
financial account numbers.”

In the data breach notification filing, Guess revealed that a total of
1,304 individuals are believed to have been affected in the incident,
including four Maine residents. The company started notifying the affected
users on July 9.

The fashion retailer also says that it has implemented additional measures
to improve its network security and mitigate the risks of similar incidents
occurring in the future.

DataBreaches.net reported that the attack on Guess was launched by the
DarkSide group, which also targeted Colonial Pipeline earlier this year.
DarkSide apparently shut down operations following the attack on Colonial
Pipeline, but before doing so, they claimed to have stolen 200 Gb of files
from the fashion retailer.

“We notified law enforcement and are cooperating with their investigation.
We also implemented additional measures to enhance our security protocols.
We regret that this occurred and apologize for any inconvenience,” the
company says in the notification letter to the affected individuals.

The American clothing brand and retailer also makes accessories, such as
bags, jewelry, perfumes, and watches. The company has more than 1,000
retail stores in the Americas, Europe and Asia, and, as of January 2021,
also operated 524 additional retail stores worldwide.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210713/4d6ae451/attachment.html>