American fashion brand Guess is notifying customers that their data was compromised in a February ransomware attack.
A third-party cybersecurity forensic firm conducted an investigation and identified unauthorized access to Guess’ systems between February 2, 2021, and February 23, 2021.
The company said in an email to impacted customers and shared by BleepingComputer:
“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor.”
Following an investigation, the company says it managed to identify all the addresses of the individuals affected by the breach.
The company started mailing breach notification letters on June 9, offering free identity theft protection and credit monitoring with Experian to the affected customers.
According to the email sent on Friday to customers, the information compromised in the attack included personal and financial information:
“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor,” Guess wrote. “The investigation determined that Social Security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired.”
As many as 1,300 individuals had their data exposed during the February attack, according to the report filed by the company with the office of Maine’s Attorney General.
The information that was obtained includes “Financial Account Number or Credit/Debit Card Number (in combination with security code, access code, password or PIN for the account).”
As part of its investigation, Guess has strengthened its security protocols. The company is also cooperating with local authorities.
Even though it wasn’t able to provide details about the attacker, DataBreaches.Net reported in April that it was the DarkSide gang who attacked Guess according to a listing on its data breach site. The group claimed to have stolen over $200 GB worth of files from the retailer’s network.
After the attack on Colonial Pipeline, DarkSide fell under scrutiny due to much attention from law enforcement and suddenly shut down its operations in May.
Guess is a globally recognized brand, it operates over a thousand retail stores in the Americas, Asia, and Europe, and its distributors and partners have another 539 stores in roughly 100 countries.