Fashion brand Guess comes clean on February ransomware attack


Global clothing and fashion accessories retailer Guess announced this week that it suffered a ransomware attack in February that enabled unnamed hackers to access and exfiltrate customer information, including social security numbers and passport numbers.

In a notification mailed to all affected customers, Susan Tenney, Senior Director of Human Resources at Guess, Inc., said the company recently discovered that certain devices were accessed without authorisation and that an attempt was made by malicious actors to encrypt the company’s systems.

“We immediately activated our incident response plan, took measures to stop the access, and launched an investigation. A cybersecurity forensic firm was engaged to assist with the investigation and identified unauthorised access to Guess’ systems between February 2, 2021, and February 23, 2021.

“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorised actor during that time. The information accessed or acquired may have included your Social Security number, driver’s license number, passport number, and/or financial account number,” she added in the notification accessed by Bleeping Computer.

Guess added that it is offering affected customers a complimentary one-year membership in credit monitoring and identity theft protection services. To prevent such an incident from occurring again, it is implementing additional measures to further enhance the security of its network and existing security protocols. According to Bleeping Computer, the data of more than 1,300 people was accessed or acquired by ransomware actors.

Even though Guess did not name the hacker group responsible for the attack, the DarkSide ransomware gang, which gained infamy after targeting Colonial Pipeline’s network in May, reportedly boasted about having the fashion retailer as one of its victims in April. According to, DarkSide claimed that it exfiltrated more than 200GB of data from Guess’ systems and advised the company to use insurance to cover the ransom payment.

Commenting on the incident suffered by Guess, Erich Kron, Security Awareness Advocate at KnowBe4, said that although the DarkSide ransomware group is out of commission, that does not mean this breach is insignificant. The significant amount and very personal types of data being collected by the organisation, including passport numbers, Social Security numbers, driver’s license numbers, financial account and/or credit/debit card numbers with security codes, passwords, or PIN numbers, make for an extremely valuable dataset for cyber criminals if they want to steal identities. For this reason, unlike what appears to have happened in this case, organisations are wise to limit the amount of data kept and stored in systems.

“Since ransomware, including that from the DarkSide group and their affiliates, often targets compromised user accounts for remote access services and also typically relies heavily on email phishing campaigns, these are areas organizations should focus on securing. Ensuring multi-factor authentication is used to protect accounts, employees are trained to spot and report phishing emails and good password hygiene can go a long way to improving security against these types of breaches. In addition, organizations should have data loss prevention (DLP) controls in place and monitored constantly,” he added.

Copyright Lyonsdown Limited 2021
