Fashion retailer, Guess, discloses data breach after ransomware attack

American fashion brand and retailer, Guess, is notifying affected customers of a data breach following a February ransomware attack that led to data theft.

“A cybersecurity forensic firm was engaged to assist with the investigation and identified unauthorised access to Guess’ systems between February 2, 2021 and February 23, 2021,” the company said in breach notification letters mailed to impacted customers.

“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorised actor.”

Guess directly operates 1,041 retail stores in the Americas, Europe and Asia, and its distributors and partners operate an additional 539 stores worldwide, as of May 2021. The stores in Guess’ retail network currently operate in roughly 100 countries around the world.

Erich Kron, Security Awareness Advocate at KnowBe4, commented: “Although the Darkside ransomware group is out of commission, that does not mean this breach is insignificant. The significant amount and very personal types of data being collected by the organisation, including passport numbers, Social Security numbers, driver’s license numbers, financial account and/or credit/debit card numbers with security codes, passwords or PIN numbers, is an extremely valuable dataset for cybercriminals if they want to steal identities. For this reason, unlike it appears in this case, organisations are wise to limit the amount of data kept and stored in systems.

“Since ransomware, including that from the Darkside group and their affiliates, often targets compromised user accounts for remote access services and also typically relies heavily on email phishing campaigns, these are areas organisations should focus on securing. Ensuring Multi-Factor Authentication is used to protect accounts, employees are trained to spot and report phishing emails and good password hygiene can go a long way to improving security against these types of breaches. In addition, organisations should have data loss prevention (DLP) controls in place and monitored constantly.”
