Guess suffers ransomware attack and data breach

The fashion retailer said Social Security numbers may have leaked

Black and white hanging Guess sign

Fashion brand Guess notified customers of a data breach that occurred in February following a ransomware attack.

According to an email sent to its Maine customers, the company recently investigated the attack.

“Upon discovery of the incident on February 19, 2021, Guess activated its incident response plan, and a cyber security forensics firm was engaged to assist with the investigation and containment. The investigation determined that there was unauthorized access to certain Guess systems between February 2, 2021 and February 23, 2021,” the email stated.

“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor.”

Guess said hackers might have accessed or acquired Social Security numbers, driver's license numbers, passport numbers, and/or financial account numbers. It has also notified law enforcement and is cooperating with their investigation. The retailer also said it would implement additional measures to enhance security protocols.

Erich Kron, a security awareness advocate at KnowBe4, told ITPro the significant amount of personal data collected is an extremely valuable dataset for cyber criminals seeking to steal identities. 

“Since ransomware, including that from the Darkside group and their affiliates, often targets compromised user accounts for remote access services and also typically relies heavily on email phishing campaigns, these are areas organizations should focus on securing,” Kron said. 

“Ensuring multi-factor authentication is used to protect accounts, employees are trained to spot and report phishing emails and good password hygiene can go a long way to improving security against these types of breaches. In addition, organizations should have data loss prevention (DLP) controls in place and monitored constantly."

Trevor Morgan, product manager at comforte AG, told ITPro that companies have a responsibility to carry out the due diligence of protecting the data they have already collected and processed. 

“Keeping it secure behind a perimeter is a good start, but applying data-centric security like tokenization, which replaces sensitive data elements with innocuous tokens, helps to mitigate situations like these when data breaches actually occur,” Morgan said.

“Even if hackers get their hands on tokenized sensitive data, they can’t do anything with it and thus it becomes worthless (and protects data subjects from potentially catastrophic consequences). The investment for organizations into data-centric security is a much better scenario than the fallout from a data breach."

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Microsoft touts new cyber security help for nonprofits
cyber security

Microsoft touts new cyber security help for nonprofits

22 Oct 2021
Ofcom report reveals alarming uptick in smishing attacks
scams

Ofcom report reveals alarming uptick in smishing attacks

22 Oct 2021
Graylog launches new cyber security solution to address legacy issues
cyber security

Graylog launches new cyber security solution to address legacy issues

21 Oct 2021
US to ban surveillance software exports to authoritarian governments
cyber security

US to ban surveillance software exports to authoritarian governments

21 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021