IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Guess suffers ransomware attack and data breach

The fashion retailer said Social Security numbers may have leaked

Black and white hanging Guess sign

Fashion brand Guess notified customers of a data breach that occurred in February following a ransomware attack.

According to an email sent to its Maine customers, the company recently investigated the attack.

“Upon discovery of the incident on February 19, 2021, Guess activated its incident response plan, and a cyber security forensics firm was engaged to assist with the investigation and containment. The investigation determined that there was unauthorized access to certain Guess systems between February 2, 2021 and February 23, 2021,” the email stated.

“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor.”

Guess said hackers might have accessed or acquired Social Security numbers, driver's license numbers, passport numbers, and/or financial account numbers. It has also notified law enforcement and is cooperating with their investigation. The retailer also said it would implement additional measures to enhance security protocols.

Erich Kron, a security awareness advocate at KnowBe4, told ITPro the significant amount of personal data collected is an extremely valuable dataset for cyber criminals seeking to steal identities. 

“Since ransomware, including that from the Darkside group and their affiliates, often targets compromised user accounts for remote access services and also typically relies heavily on email phishing campaigns, these are areas organizations should focus on securing,” Kron said. 

“Ensuring multi-factor authentication is used to protect accounts, employees are trained to spot and report phishing emails and good password hygiene can go a long way to improving security against these types of breaches. In addition, organizations should have data loss prevention (DLP) controls in place and monitored constantly."

Trevor Morgan, product manager at comforte AG, told ITPro that companies have a responsibility to carry out the due diligence of protecting the data they have already collected and processed. 

“Keeping it secure behind a perimeter is a good start, but applying data-centric security like tokenization, which replaces sensitive data elements with innocuous tokens, helps to mitigate situations like these when data breaches actually occur,” Morgan said.

“Even if hackers get their hands on tokenized sensitive data, they can’t do anything with it and thus it becomes worthless (and protects data subjects from potentially catastrophic consequences). The investment for organizations into data-centric security is a much better scenario than the fallout from a data breach."

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Best free malware removal tools 2022
Security

Best free malware removal tools 2022

22 Jun 2022
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022
What is shoulder surfing?
social engineering

What is shoulder surfing?

10 Jun 2022
CIAM buyer’s guide
Whitepaper

CIAM buyer’s guide

6 Jun 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022