The fashion brand admitted that cybercriminals gained access to people’s Social Security numbers, driver’s license numbers, passport numbers and financial account numbers.
Billion-dollar fashion brand Guess has sent letters out to an unknown number of people whose information they lost during a ransomware attack in February. First shared by Bleeping Computer’s Sergiu Gatlan, the letters state that «unauthorized access» to certain Guess systems between February 2, 2021 and February 23, 2021 led to a breach of Social Security numbers, driver’s license numbers, passport numbers and financial account numbers. The letters — signed by Guess HR senior director Susan Tenney — only went out to four residents in Maine, per the state’s guidelines, but the company implied that more people were affected. In a statement to ZDNet, a Guess spokesperson would not answer questions about how many victims there were, only saying that «no customer payment card information was involved.» The Guess spokesperson would not confirm whether the breach was part of a ransomware attack, but the company appeared on the victim data leak site for ransomware group DarkSide in April, and the group openly boasted about stealing 200 GB of data from the fashion brand during an attack in February. «Guess?, Inc. recently concluded an investigation into a security incident that involved unauthorized access to certain systems on Guess?, Inc.
