A US fashion brand famed for its designer jeans, Guess, has now notified impacted customers after a ransomware attack back in February resulted in data records being stolen by threat operators.

Unauthorised access uncovered

The American fashion retailer disclosed the attack and its effects on customers in a recent data breach notification letter mailed out to data subjects involved. The notification explained:

“A cybersecurity forensic firm was engaged to assist with the investigation and identified unauthorised access to Guess’ systems between February 2, 2021, and February 23, 2021. On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorised actor.”

The company currently operates an international network of 1,041 retail outlets based in Europe and Asia along with the Americas, while its partners and distributors run a further 539 stores. In total Guess’s network extends to around 100 different countries in the world.

The retailer has now identified addresses for all data subjects impacted after it completed a full review of all documents retained on the systems breached.

Guess started mailing its notification letters to customers last month, while offering them free protection services to defend against identity theft and a years’ worth of complimentary credit monitoring via Experian.

According to the mailed notifications, data exposed in the recent ransomware attack includes both financial and personal details. Guess commented:

“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorised actor. The investigation determined that Social Security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired.”

Although the breach notices do not show the number of impacted individuals, documents filed with the Maine office of the Attorney General state that more than 1,300 data subjects had their personal information accessed or exposed in the attack.

DarkSide ransomware gang activity

While Guess has not provided any details on the identity of the ransomware gang behind the attack, the site DataBreaches.net posted in April that DarkSide ransomware operators had listed the fashion brand on their dedicated data leak website.

At that time, the infamous ransomware gang boasted it had stolen more than 200 GB of data from Guess’s systems before it encrypted its network.

The DarkSide ransomware gang has been operating since August last year, mainly targeting corporate networks before requesting ransoms that amount to millions of dollars in return for decryption devices and the promise of not leaking the data stolen online.

The renowned ransomware gang recently caught the attention of law enforcement and government agencies in the United States after its activities took down Colonial Pipeline, the county’s largest fuel pipeline, back in May. Reports suggest that the ransomware gang shut down its operations for fear of being apprehended but as the Guess data breach disclosure shows, the group’s past crimes are still having an impact on enterprises and individuals across the globe.