Posted on July 13, 2021 at 5:40 PM
American major fashion retailer Guess has announced the breach of its servers after a February ransomware attack. The company is notifying affected customers about the breach to prevent further attacks on the users.
Guess says it has engaged a cybersecurity forensic to help with the investigation into the breach. The security firm discovered unauthorized access to Guess’ system from February 2 to February 23, 2021, according to a statement credited to the firm.
In May, the security team found out that the personal details of some customers may have been acquired or accessed by some threat actors.
The company has over 1,000 retail stores in Asia, Europe, and the Americas. It also has over 500 partners and distributors worldwide, with the stores section of Guess currently operational in over 100 countries throughout the world.
The hackers stole personal and financial details
The investigation into the attack revealed that that threat actors stole personal and financial information from the company’s network. Guess has identified the addresses of all the affected customers and has mailed them with an update about the attack.
The fashion retailer started mailing affected victims on June 9, providing one-year free credit monitoring and identity theft protection services for the victims.
The letters were signed by Susan Tenney, Guess’ Human Resource senior director, and sent to only customers who reside in Maine, although others from other locations were affected.
Data linked to May ransomware attack
A Guess spokesperson, who was asked about the incidence, did not say how many customers were affected. However, the spokesperson noted that “no customer card information was involved.”
The company didn’t confirm whether the recent breach was part of a ransomware attack. However, ransomware group Darkside, in April, posted victim’s data that appears to be from the retail firm.
Guess also stated that the incidence doesn’t have any impact on its financial results of operations.
In April, DarkSide sends one of its members to speak with a reporter from Darkbreaches.net. The member told the site that from the financial records they studied, the company has brought in about $2.7 billion in revenue since last year.
Guess notified users after investigation
The representative also stated that the ransomware gang carries their operations in different stages and informs the press when they are certain the company is unwilling to pay the ransom amount. The messages were written in Russia, but interpreted by Bleeping Computer.
It’s not clear why Guess decided to wait for a long time before divulging the hacking incident to affected customers.
In most cases, any victimized organization goes into an investigation after a ransomware attack. There could be delays due to the investigation and negotiation with the threat actors. After their infamous attack on Colonial Pipeline, DarkSide shut down its operations in May.
However, in a letter addressed to the victims, Guess stated that it has been investigating the incidence and only recently concluded the investigation. According to the firm, the attack was targeted at encrypting files and disrupting their business operations.
Stolen data could be used for further phishing attacks
To help victims avoid being further targets of phishing attacks, Guess is offering additional services of setting up a call center. The service is specifically for the victims and others with questions about the incident. It is also set up for those looking to enroll in credit card monitoring services.
Security awareness advocate at KnowBe4, Erich Kron, commented that the recent attack shows how connected these ransomware attackers are. While the DarkSide threat actors seem to have closed shop, it doesn’t mean others cannot connect with them to copy their attacking methods.
Worryingly, the stolen data can be sold to other threat actors who may launch further identity theft attacks as well as phishing attacks.
The organization has collected a significant amount of data, including driver’s license numbers, social security numbers, passport numbers, as well as debit card numbers. The researcher says these details can be very useful to other cybercriminals and threat actors who want to launch attacks on the victims in the future.