American fashion retailer Guess has begun notifying its customers, employees and contractors of a data breach that compromised their personal and financial information, Bleeping Computer reports.
According to a statement from Guess, a cybersecurity forensic firm helped the retailer conduct an investigation into a ransomware attack that occurred in February. The investigation determined that personal information such as Social Security numbers, passport numbers and/or financial account numbers may have been accessed by an “unauthorized actor.” Customers’ payment card information was not compromised.
The article says information filed with the office of Maine’s Attorney General shows that just over 1,300 people had their data exposed or accessed during the February attack.
While Guess didn’t name the identity of the unauthorized actor, DataBreaches.net first reported in April that the DarkSide hacking collective listed Guess among its recent victims.
DarkSide is the hacking collective behind the May cyberattack on Colonial Pipeline, which shut down 5,500 miles of pipeline in the U.S. The group reportedly received a $5 million ransom payment from Colonial Pipeline.
Read more at Bleeping Computer.
Advertisement
UPDATE: Following the publication of this article, Guess provided the following statement to VMSD:
Guess?, Inc. recently concluded an investigation into a security incident that involved unauthorized access to certain systems on Guess?, Inc.’s network. We engaged independent cybersecurity firms to assist in the investigation, notified law enforcement, notified all individuals involved, and took steps to enhance the security of our systems. The vast majority of individuals Guess notified were employees and contractors, and no customer payment card information was involved. This incident did not have a material impact on our operations or financial results.