Cyber Incident Victim: Guess, Inc.
Date:
Feb 2021
Location:
United States of America
Summary
A ransomware attack compromised systems at Guess, Inc., leading to unauthorized access and theft of sensitive personal and financial data. The incident exposed Social Security numbers, driver’s licenses, passport details, and financial account information—including credit/debit card numbers paired with security codes or PINs—affecting over 1,300 individuals. The company engaged forensic investigators, notified impacted customers, and offered identity protection services while enhancing security measures and collaborating with law enforcement. The DarkSide ransomware group claimed responsibility for the breach, alleging exfiltration of substantial data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In February 2021, Guess, Inc. experienced a ransomware attack resulting in unauthorized access to its systems between February 2 and February 23. The company engaged a cybersecurity forensic firm to investigate the incident, which confirmed on May 26 that personal information of certain individuals had potentially been accessed or acquired by an unauthorized actor. The investigation revealed the breach involved sensitive data including Social Security numbers, driver's license numbers, passport numbers, and financial account information. Specific financial data exposed included credit/debit card numbers combined with security codes, access codes, passwords, or PINs. Guess completed a review of documents stored on compromised systems by June 3, 2021, identifying addresses of all impacted individuals. Notification letters were mailed starting June 9, offering complimentary identity theft protection services through Experian to affected customers. The breach notification filed with Maine's Attorney General indicated approximately 1,300 individuals had their data exposed. Guess operates 1,041 retail stores globally with an additional 539 partner-operated locations as of May 2021, though the notification did not specify whether particular regions or systems were disproportionately affected.
The DarkSide ransomware group was implicated in the attack after listing Guess on their data leak site in April 2021, claiming to have stolen over 200GB of data. While Guess did not publicly confirm the attackers' identity, the timeline aligns with DarkSide's operational period before disbanding in May 2021. The company implemented enhanced security measures following the breach and coordinated with law enforcement during the ongoing investigation. No ransomware payment or data deletion confirmation was disclosed in available sources. The incident exposed financial and personally identifiable information but did not reportedly disrupt retail operations across Guess's 100-country network. Impacted individuals received notifications detailing the types of compromised data nearly four months after the initial intrusion period concluded.