{
	"id": "990c49b0-595e-4223-b780-8266e5207dab",
	"created_at": "2026-04-06T00:15:09.350649Z",
	"updated_at": "2026-04-10T03:21:18.290995Z",
	"deleted_at": null,
	"sha1_hash": "c901b91525dacfa26a5e6e0e2e51ca0b02272037",
	"title": "Fashion retailer Guess discloses data breach after ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2180386,
	"plain_text": "Fashion retailer Guess discloses data breach after ransomware attack\r\nBy Sergiu Gatlan\r\nPublished: 2021-07-12 · Archived: 2026-04-05 23:13:29 UTC\r\nAmerican fashion brand and retailer Guess is notifying affected customers of a data breach following a February\r\nransomware attack that led to data theft.\r\n\"A cybersecurity forensic firm was engaged to assist with the investigation and identified unauthorized access to Guess’\r\nsystems between February 2, 2021 and February 23, 2021,\" the company said in breach notification letters mailed\r\nto impacted customers.\r\n\"On May 26, 2021, the investigation determined that personal information related to certain individuals may have\r\nbeen accessed or acquired by an unauthorized actor.\"\r\nhttps://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nGuess directly operates 1,041 retail stores in the Americas, Europe, and Asia, and its distributors and partners another 539\r\nadditional stores worldwide as of May 2021. The stores part of Guess' retail network currently operate in roughly 100\r\ncountries around the world.\r\nPersonal and financial info stolen in the attack\r\nThe fashion retailer identified the addresses of all impacted individuals after completing a full review of the documents\r\nstored on breached systems on June 3, 2021.\r\nGuess began mailing breach notification letters to affected customers on June 9, offering complimentary identity theft\r\nprotection services and one year of free credit monitoring through Experian to all impacted individuals.\r\nAccording to the breach notifications mailed on Friday, information exposed in the attack includes personal and fin\r\n\"On May 26, 2021, the investigation determined that personal information related to certain individuals may have been\r\naccessed or acquired by an unauthorized actor,\" Guess said.\r\n\"The investigation determined that Social Security numbers, driver's license numbers, passport numbers and/or financial\r\naccount numbers may have been accessed or acquired.\"\r\nWhile the breach notification letters do not reveal the number of affected individuals, information filed with the office of\r\nMaine's Attorney General shows that just over 1,300 people had their data exposed or accessed during the February attack.\r\nThe filed breach info also reveals that the information acquired during the incident includes \"Financial Account Number or\r\nCredit/Debit Card Number (in combination with security code, access code, password or PIN for the account).\"\r\nGuess has implemented additional measures to boost its security protocols and is cooperating with law enforcement as part\r\nof an ongoing incident investigation.\r\nDarkSide ransomware likely behind the attack\r\nEven though Guess did not provide any info on the identity of the threat actor behind the ransomware attack,\r\nDataBreaches.net reported in April that the DarkSide ransomware gang listed Guess on their data leak site.\r\nAt the time, the ransomware group claimed to have stolen over 200 GB worth of files from the fashion retailer's network\r\nbefore attempting to encrypt their systems.\r\nDarkSide has been active since at least August 2020, focusing on corporate networks and asking millions of dollars\r\nfor decryptors and the promise not to leak the stolen data online.\r\nThe ransomware gang landed in the crosshairs of US law enforcement after taking down Colonial Pipeline, the largest fuel\r\npipeline in the US, in May.\r\nAfter heightened scrutiny from law enforcement and having some of their infrastructure seized or brought down, DarkSide\r\nsuddenly shut down in late May, allegedly out of fear of being arrested.\r\nUpdate: When asked to confirm the identity of the threat actors behind the incident, Guess' Director of Public\r\nRelations Kaitlyn Quail sent BleepingComputer the following statement after the article was published:\r\nGuess?, Inc. recently concluded an investigation into a security incident that involved unauthorized access to\r\ncertain systems on Guess?, Inc.’s network. We engaged independent cybersecurity firms to assist in the\r\ninvestigation, notified law enforcement, notified the subset of employees and contractors whose information was\r\ninvolved and took steps to enhance the security of our systems. The investigation determined that no\r\ncustomer payment card information was involved.  This incident did not have a material impact on our operations\r\nor financial results.\r\nhttps://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/\r\nhttps://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/"
	],
	"report_names": [
		"fashion-retailer-guess-discloses-data-breach-after-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434509,
	"ts_updated_at": 1775791278,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c901b91525dacfa26a5e6e0e2e51ca0b02272037.pdf",
		"text": "https://archive.orkl.eu/c901b91525dacfa26a5e6e0e2e51ca0b02272037.txt",
		"img": "https://archive.orkl.eu/c901b91525dacfa26a5e6e0e2e51ca0b02272037.jpg"
	}
}