Guess, which operates 1,041 stores in the Americas, Europe and Asia, said that there had been unauthorized access to its system between February 2, 2021, and February 23, 2021.
“On May 26, 2021, the investigation determined that personal information related to certain individuals may have been accessed or acquired by an unauthorized actor.”
The fashion retailer had been able to identify every impacted address as of June 3. It began emailing impacted users with complimentary identity theft protection services shortly after, through the service Experian. The information exposed in the attack included personal and financial information and affected around 1,300 people, according to information filed with Maine’s attorney general.
“The investigation determined that Social Security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired,” the company said, per Bleeping Computer. The report from Bleeping Computer added that the information stolen also included the “Financial Account Number or Credit/Debit Card Number (in combination with security code, access code, password or PIN for the account).”
According to Guess, the company has since implemented new security measures. It is also working with law enforcement on the still-ongoing investigation.
PYMNTS has reported on the increasingly prolific fraud and high-tech attacks like ransomware that have been occurring especially since the pandemic. Fraudsters jumped on the pandemic because of the quick switch to digital and the ensuing confusing and chaotic transition leaving gaps open for criminals.
That includes what was recently reported as the potentially largest ransomware attack ever, which affected around 800 to 1,500 small businesses. The breach happened at B2B software company Kaseya. The breach spread to Kaseya’s customers, of which there were so many that the company had trouble discerning the impact of the attack.