Guess announces breach of employee SSNs and financial data after DarkSide ransomware attack
Fashion brand Guess has notified customers who have been impacted by a ransomware attack that occurred in February. The company has not clarified the number of victims, however, unauthorized access to certain Guess systems occurred in the early days of February, leading to a breach of driver’s license numbers, passport numbers, financial account numbers, and Social Security numbers. A Guess spokesperson would not answer questions about the total amount of victims, however, he did confirm that there was no customer payment card information involved in the breach. The company appeared on a victim data leak site for the ransomware group DarkSide in April, where the threat actors announced that they had stolen 200 GB of data from the fashion brand as a result of a February attack. Guess has not confirmed if these incidents are related.
Guess reported that they conducted an investigation into the security incident, which involved third-party access to certain systems. The company also allegedly notified law enforcement and contractors and employees whose information was involved. The company also reported having taken steps to enhance its cybersecurity systems. In April, a DarkSide representative stated that they had accessed Guess’ financial records, along with other sensitive information.