American fashion brand and retailer Guess suffered a data breach following a February ransomware attack that led to data theft.
The company has started notifying the affected customers regarding the data breach which states that upon investigation an unauthorized access to Guess’ systems were identified between February 2, 2021 and February 23, 2021.
Following the investigation, on May 26, 2021, it was determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor.
Guess directly operates 1,041 retail stores in the Americas, Europe, and Asia, and its distributors and partners another 539 additional stores worldwide as of May 2021. The stores part of Guess’ retail network currently operate in around 100 countries.
The fashion retailer identified the addresses of all impacted individuals after completing a full review of the documents stored on breached systems on June 3, 2021.
Guess has offered complimentary identity theft protection services and one year of free credit monitoring through Experian to all its impacted individuals.
The information exposed in the attack includes detail such as Social Security numbers, driver’s license numbers, passport numbers and/or financial account numbers.
Even though the number of affected individuals is not revealed, the information filed with the office of Maine’s Attorney General shows that over 1,300 people had their data exposed or accessed during the February attack.
Guess has implemented additional measures to boost its security protocols and is cooperating with law enforcement as part of an ongoing incident investigation.
Guess did not provide any details about the threat actor behind the ransomware attack, but the DarkSide ransomware gang had listed Guess on their data leak site.
The group claimed to have stolen over 200 GB worth of files from the fashion retailer’s network before attempting to encrypt their systems.