Popular American clothing brand and retailer Guess is snail mailing its customers alerting them about a data breach as part of a ransomware attack on the brand earlier this year in February.
According to the six-page letter, a copy of which has been seen by BleepingComputer, the company hired a cybersecurity forensics firm to assess the extent of the damage.
“The investigation determined that there was unauthorized access to certain Guess systems between February 2, 2021 and February 23, 2021. On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor,” reveals Guess in the notification letter.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.
While the breach notification letter doesn’t mention the total number of individuals impacted by the breach, BleepingComputer has learnt through information filed with the office of Maine’s Attorney General that the firm believes that the attack exposed data of just over 1300 people.
In the notification letter, Guess shares that the investigation by the forensic experts reveals that the threat actors could have accessed or exfiltrated the Social Security numbers, driver’s license numbers, passport numbers, and “financial account numbers.”
“Following completion of the review of the documents that were potentially accessed, additional work was required to identify addresses for involved individuals. This work was completed on June 3, 2021,” informs the notification letter.
As it began notifying the affected users, Guess also offered complimentary one-year membership to credit monitoring and identity theft protection services through Experian to their impacted customers.
While Guess hasn’t provided any details about the identity of its cyber tormentor, or whether it coughed up the ransom, BleepingComputer points towards DarkSide based on the revelations made by DataBreaches.net who claimed the ransomware gang listed Guess as one of their victims.