Skip to main content

Fashion brand Guess comes clean on February ransomware attack

Global clothing and fashion accessories retailer Guess announced this week that it suffered a ransomware attack in February that enabled unnamed hackers to access and exfiltrate customer information, including social security numbers and passport numbers.

In a notification mailed to all affected customers, Susan Tenney, Senior Director of Human Resources at Guess, Inc. said the company recently discovered that certain devices were accessed without authorisation and that an attempt was made by malicious actors to encrypt the company’s systems.

“We immediately activated our incident response plan, took measures to stop the access, and launched an investigation. A cybersecurity forensic firm was engaged to assist with the investigation and identified unauthorised access to Guess’ systems between February 2, 2021, and February 23, 2021.

“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorised actor during that time. The information accessed or acquired may have included your Social Security number, driver’s license number, passport number, and/or financial account number,” she added in the notification accessed by Bleeping Computer.

Guess added that it is offering a complimentary one-year membership in credit monitoring and identity theft protection services to affected customers and to prevent such an incident from occurring again, it is implementing additional measures to further enhance the security of its network and existing security protocols. According to Bleeping Computer, the data of more than 1,300 people was accessed or acquired by ransomware actors.

Even though Guess did not name the hacker group responsible for the attack, the DarkSide ransomware gang, which gained infamy after targeting Colonial Pipeline’s network in May, reportedly boasted about having the fashion retailer as one of its victims in April. According to, DarkSide claimed that it exfiltrated more than 200GB of data from Guess’ systems and advised the company to use insurance to cover the ransom payment.

Commenting on the incident suffered by Guess, Erich Kron, Security Awareness Advocate at KnowBe4, said that although the Darkside ransomware group is out of commission, that does not mean this breach is insignificant. The significant amount and very personal types of data being collected by the organisation, including passport numbers, Social Security numbers, driver’s license numbers, financial account and/or credit/debit card numbers with security codes, passwords, or PIN numbers, is an extremely valuable dataset for cyber criminals if they want to steal identities. For this reason, unlike it appears in this case, organisations are wise to limit the amount of data kept and stored in systems.

“Since ransomware, including that from the Darkside group and their affiliates, often targets compromised user accounts for remote access services and also typically relies heavily on email phishing campaigns, these are areas organizations should focus on securing. Ensuring multi-factor authentication is used to protect accounts, employees are trained to spot and report phishing emails and good password hygiene can go a long way to improving security against these types of breaches. In addition, organizations should have data loss prevention (DLP) controls in place and monitored constantly,” he added.


All rights reserved Teiss Recruitment Ltd.