American fashion brand and retailer Guess is notifying affected customers of a data breach following a February ransomware attack that led to data theft.
“A cybersecurity forensic firm was engaged to assist with the investigation and identified unauthorized access to Guess’ systems between February 2, 2021 and February 23, 2021,” the company said in breach notification letters mailed to impacted customers.
“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor.”
Guess directly operates 1,041 retail stores in the Americas, Europe, and Asia, and its distributors and partners another 539 additional stores worldwide as of May 2021. The stores part of Guess’ retail network currently operate in roughly 100 countries around the world.
Personal and financial info stolen in the attack
The fashion retailer identified the addresses of all impacted individuals after completing a full review of the documents stored on breached systems on June 3, 2021.
Guess began mailing breach notification letters to affected customers on June 9, offering complimentary identity theft protection services and one year of free credit monitoring through Experian to all impacted individuals.
According to the breach notifications mailed on Friday, information exposed in the attack includes personal and fin
“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor,” Guess said.
“The investigation determined that Social Security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired.”
While the breach notification letters do not reveal the number of affected individuals, information filed with the office of Maine’s Attorney General shows that just over 1,300 people had their data exposed or accessed during the February attack.
The filed breach info also reveals that the information acquired during the incident includes “Financial Account Number or Credit/Debit Card Number (in combination with security code, access code, password or PIN for the account).”
Guess has implemented additional measures to boost its security protocols and is cooperating with law enforcement as part of an ongoing incident investigation.