article featured image


In a filing with the Maine Attorney General’s Office, the American clothing brand and retailer Guess declared it had suffered a ransomware cyberattack back in February and confirmed that the private information of some customers has been compromised.

A cybersecurity forensic firm was engaged to assist with the investigation and identified unauthorized access to Guess’ systems between February 2, 2021, and February 23, 2021.

On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor.


Fashion Brand Guess operates some 1,680 stores in 100 countries worldwide. It directly operates more than 945 stores and concessions in the US, Canada, Europe, the Middle East, and Asia. Another 735 stores and concessions are run by licensees and distributors in the same markets.

What Information Was Stolen?

Guess identified the addresses of all affected customers following a complete review of the documents stored on breached systems on June 3, 2021.

On July 9, 2021, Guess started mailing notification letters to the individuals whose information may have been involved. The company is offering one-year membership in credit monitoring free of charge and identity theft protection services through Experian to those affected by the data breach.

Guess has also established a dedicated call center for individuals to call with questions about the incident or enrolling in credit monitoring services.

According to the breach notifications sent by the fashion retailer, information exposed in the cyberattack includes personal and financial details.

On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor.

The investigation determined that Social Security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired.


According to BleepingComputer, around 1,300 people had their data exposed or accessed during the February attack.

As declared by Guess, the information accessed or acquired may have included customer Social Security number, driver’s license number, passport number, and/or financial account number.

The fashion retailer says it has implemented additional measures to improve its network security and mitigate the risks of similar incidents occurring in the future and is cooperating with law enforcement as part of an incident investigation in progress.

Who Is Behind the Guess Ransomware Attack?

Guess representatives would not confirm whether the breach was part of a ransomware attack, but the fashion organization appeared on the victim data leak site for ransomware group DarkSide in April.

Also, the DarkSide ransomware gang openly claimed to have stolen over 200 GB worth of files from the fashion retailer’s network before attempting to encrypt their systems.

DarkSide is a ransomware program that began attacking organizations worldwide in August 2020. Originally discovered by MalwareHunterTeam, DarkSide ransomware is described as a high-risk ransomware-type virus that seems to be operated by former affiliates of other ransomware campaigns.

When asked to confirm the identity of the threat actors behind the incident, Guess’ Director of Public Relations Kaitlyn Quail sent BleepingComputer the following statement after the article was published:

Guess?, Inc. recently concluded an investigation into a security incident that involved unauthorized access to certain systems on Guess?, Inc.’s network. We engaged independent cybersecurity firms to assist in the investigation, notified law enforcement, notified the subset of employees and contractors whose information was involved, and took steps to enhance the security of our systems. The investigation determined that no customer payment card information was involved.  This incident did not have a material impact on our operations or financial results.


Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.