Fashion Retailer Guess Data Breach, Experts Insight

Fashion retailer Guess is notifying affected customers of a data breach following a February ransomware attack that led to data theft. The disclosure states that data including “Social Security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired.” The company did not disclose how many individuals' accounts were compromised, but the office of Maine’s Attorney General shows that the attack affected over 1,300 people.

Though the company did not report who had claimed responsibility for the attack, DataBreaches.net reported in April that the DarkSide ransomware gang had listed Guess on their data leak site, claiming to have stolen over 200 GB of data from the retailer. Experts with Gurucul and Shared Assessments offer perspective.

Experts Comments

July 13, 2021
Nasser Fattah
Executive Advisor
Shared Assessments

Important to note a significant percentage of ransomware also includes data exfiltration/leakage. And when this happens, not only is there a responsibility for companies to inform their customers of data leakage, but also many states require by law data breach notifications to customers [potentially] impacted.

July 14, 2021
Jonathan Knudsen
Senior Security Strategist
Synopsys
The only question that matters is: how can a problem like this be prevented? The reason ransomware is so successful is that so few organisations are properly prepared. Organisations often focus solely on functionality when selecting, deploying, and operating software. They work hard to make software do what they want it to do, but security and robustness are often neglected or ignored.
To prevent accidental or malicious disruptions, organisations must adopt a proactive, security-first approach to software. Where is your data? How is it protected? If something bad happens, like a ransomware attack or a tsunami, how will you recover? Software is a powerful tool for organisations of all kinds, but it must be selected, deployed, operated, and maintained inside a framework of security and resilience.
July 13, 2021
Tom Garrubba
Senior Director and CISO
Shared Assessments

It appears that Guess is taking the correct steps in dealing with this incident; however, I’m curious as to the maturity of their overall cybersecurity posture prior to this occurrence as they reportedly implemented “additional measures to boost its security protocols”. No organization can let their guard down and they must continue to be thorough in understanding the existing threat environment and research to anticipate how they can be affected in future attacks. Constant diligence is required to ensure you’re adequately prepared along with reviewing existing and new technologies to assist in reducing your attack profile.

July 13, 2021
Saryu Nayyar
CEO
Gurucul

Guess what? Your data is compromised. Your personal information is available on the dark web. Let’s take the guesswork out of this: with SSNs, passport numbers and driver’s license numbers taken, the victim’s personal data is likely already being used to create fake new identities and open a rash of new accounts. Identity theft protection for one year is a nice gesture but it won’t be enough to protect these victims in the long run. Guessing this will be a nightmare for all involved.

