{
	"id": "ab1acf85-7a45-4209-a75e-60d1aaaba6a5",
	"created_at": "2026-04-06T00:16:26.583105Z",
	"updated_at": "2026-04-10T03:21:09.56493Z",
	"deleted_at": null,
	"sha1_hash": "0e1aa0ebf75f44fa91ed5ff74e643ae60d033293",
	"title": "Guess Fashion Brand Deals With Data Loss After Ransomware Attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 64643,
	"plain_text": "Guess Fashion Brand Deals With Data Loss After Ransomware\r\nAttack\r\nBy Becky Bracken\r\nPublished: 2021-07-13 · Archived: 2026-04-05 13:47:00 UTC\r\nAn attack on Guess compromised the personal and banking data of 1,300 victims.\r\nA February ransomware attack on fashion label Guess linked to Colonial Pipeline attackers DarkSide is still\r\ncausing damage. Guess has started sending letters to 1,300 employees and contractors who had their personal and\r\nbanking data exposed during the breach.\r\nThe letter, published by BleepingComputer, offers victims a year of free credit monitoring and identity theft\r\nprotection. But it’s Guess’s breach notification filing with Maine’s Attorney General’s Office that said more than\r\n1,300 people had their information compromised during the ransomware attack, including account numbers, debit-and credit-card numbers, and even the related security codes, access codes and personal identification numbers.\r\nGuess said the leaked data was discovered during a forensic examination of the attack, which was completed on\r\nJune 3.\r\n“The information accessed or acquired may have included your Social-Security number, driver’s-license number,\r\npassport number, and/or financial account number,” the letter read.\r\nEmployees and Contractors Exposed\r\nGuess director of public relations, Kaitlyn Quail, later clarified it wasn’t customers of the retailer who had their\r\ninformation compromised, rather what she called a “subset of employees and contractors whose information was\r\ninvolved.”\r\nAt the time of the ransomware attack, the group DarkSide bragged it had stolen more than 200 GB of data from\r\nthe mall stalwart. They even included a professional recommendation about the best way to pay the ransom.\r\n“We recommend using your insurance, which just covers this case. It will bring you four times more than you\r\nspend on acquiring such a valuable experience,” DataBreaches.net reported in April.\r\nThe group’s audacity led them to attack the U.S. Colonial Pipeline later, after which their DarkSide operations\r\nwere interrupted, and their servers and funds confiscated.\r\nThe fallout threat to the victims stemming from the Guess ransomware attack will remain for years to come,\r\naccording to Uriel Maimon with PerimeterX.\r\nhttps://threatpost.com/guess-fashion-data-loss-ransomware/167754/\r\nPage 1 of 2\n\n“When hackers obtain information from a breach, both the company and it’s customers can be affected for years to\r\ncome,” Maimon said via email. “Personal information, for example, can be used to create synthetic identities that\r\nare then used to generate fraudulent credit card or loan applications which inevitably affects the original users but\r\nalso the financial institution.”\r\nGuess Breach ‘Extremely Valuable’ Dataset\r\nThe incredibly sensitive nature of the breached data would be valuable to anyone looking to steal identities,\r\naccording to Erich Kron with KnowBe4.\r\n“Although the Darkside ransomware group is out of commission, that does not mean this breach is insignificant,”\r\nKron told Threatpost. “The significant amount and very personal types of data being collected by the organization,\r\nincluding passport numbers, Social-Security numbers, driver’s-license numbers, financial account and/or\r\ncredit/debit-card numbers with security codes, passwords or PIN numbers, is an extremely valuable dataset for\r\ncybercriminals if they want to steal identities. ”\r\nHe cautioned organizations to avoid storing this type of data for long periods of time.\r\nDirk Schrader with New Net Technologies was a bit harsher in his criticism of Guess and said he’s going to be on\r\nthe lookout for the Security and Exchange Commission to get involved.\r\n“There is a fairly large number of unanswered questions in this breach notification and the event itself,” Schrader\r\ntold Threatpost. “Why sensitive personal information like SSNs or account details was stored in clear text is one\r\nof them. Being stock-listed, it will be interesting to read through filings for additional details and whether SEC\r\nwill ask for more details.”\r\nCheck out our free upcoming live and on-demand webinar events – unique, dynamic discussions with\r\ncybersecurity experts and the Threatpost community.\r\nSource: https://threatpost.com/guess-fashion-data-loss-ransomware/167754/\r\nhttps://threatpost.com/guess-fashion-data-loss-ransomware/167754/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://threatpost.com/guess-fashion-data-loss-ransomware/167754/"
	],
	"report_names": [
		"167754"
	],
	"threat_actors": [],
	"ts_created_at": 1775434586,
	"ts_updated_at": 1775791269,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0e1aa0ebf75f44fa91ed5ff74e643ae60d033293.pdf",
		"text": "https://archive.orkl.eu/0e1aa0ebf75f44fa91ed5ff74e643ae60d033293.txt",
		"img": "https://archive.orkl.eu/0e1aa0ebf75f44fa91ed5ff74e643ae60d033293.jpg"
	}
}