Clothing retailer Guess informs customers of February data breach
source link: https://siliconangle.com/2021/07/12/clothing-retailer-guess-informs-customers-february-data-breach/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Clothing retailer Guess? Inc. has informed affected customers of a data breach in February that involved the theft of data.
The information was detailed in a letter sent to customers, according to Bleeping Computer today, that states it discovered a “cybersecurity incident designed to encrypt files and disrupt business” on Feb. 19. Without Guess using the specific word, that’s a description of a ransomware attack.
The company noted that after launching an investigation, it was determined that there was unauthorized access to certain Guess systems between Feb. 2 and Feb 23. On May 26, the investigation then determined that personal information relating to individuals may have been accessed or acquired by an “unauthorized actor.” That information includes Social Security numbers, driver’s license numbers, passport numbers and financial account numbers.
In a usual check box to a ransomware attack response, Guess said it had notified law enforcement, implemented additional security measures and offered complimentary one-year membership to a credit protection service.
Although Guess hasn’t named the group the attack, DataBreach.net attributed the attack on Guess to the DarkSide ransomware group in April. That group was initially best known for donating some proceeds from its ransomware attacks to charity in October but became far better known after being tied to the high-profile breach at Colonial Pipeline Co. in May.
DarkSide subsequently announced that it was ending operations the same month, which begs the question: Where did the Guess data go?
DataBreaches.net noted that when it first spoke to DarkSide operators in April, the group claimed to have 200 gigabytes of data stolen from Guess but that data was never dumped in the open. “Is it in the hands of an affiliate? Was it on a server that got seized?” DataBreaches.net wrote before adding that DarkSide did say it would hand over its decryption tools to affiliates.
Whether those affiliates received a decryption key for the Guess data is not known. That Guess is just now informing customers of the data breach could be a coincidence, or perhaps the data has now been decrypted and accessed by a DarkSide affiliate.
Photo: Bargainmoose/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and soon to be Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
Join Our Community
We are holding our second cloud startup showcase on June 16. Click here to join the free and open Startup Showcase event.
“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy
We really want to hear from you. Thanks for taking the time to read this post. Looking forward to seeing you at the event and in theCUBE Club.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK