Guess, a clothing brand based in the U.S. has suffered a data breach due to a ransomware attack. The company has issued letters to its customers whose personal data was stolen.
The fashion company has 1,041 retail stores located worldwide. It said that between February 2 to 23, 2021, unauthorized access occurred to its computer system.
According to the letters sent, the incident resulted in the theft of financial account data, passport numbers, driver’s license numbers, and Social Security numbers.
In April, the company was listed on the DarkSide’s website of data leak victims. The ransomware group publicly claimed to obtain 200 gigabytes of data from the clothing brand from the cyberattack.
A Guess representative said that the company had worked with independent cybersecurity companies in the investigation. It also alerted federal agents and contacted a group of contractors and staff whose data was compromised.
Guess had already finished the investigation of the cybersecurity issue involving data breaches to specific systems on the company’s network.
The company noted that it took necessary actions to improve the security of our systems. Moreover, the representative added that no customer card details were exposed, based on the investigation. The financial and operations performance was also not affected.
Guess’ security staff identified the breach on February 19, but it wasn’t until February 23 that they knew hackers had infiltrated their system. The company took until May 26 to verify that some personal details had been obtained.
The company didn’t start sending out a notice to compromised customers until July 9th.
Guess is providing identity theft protection and credit monitoring services valid for 1 year from Experian. It also stated that it established a contact center for anyone with concerns about the issue or who wants to sign up for the services.
A DarkSide member talked with a Databreaches.net reporter in April, stating that they had analyzed Guess’ financial information and learn the firm made in revenue roughly $2.7 billion the previous year.
The DarkSide member claimed that they proposed to the company to use their insurance to cover this incident. It will return 4 times the cost of gaining this experience.
The ransomware group takes steps in phases and typically informs the press when they are certain the firm will not give the payment, the member added.
This incident is just one of the many cyberattacks that have been increasingly prevalent since the pandemic.