American retail chain Guess has been the victim of a ransomware attack. Sensitive personal data of customers was stolen, including driver’s licenses and bank account numbers. The victims were informed of the attack and the data breach by letter.
In the letter to victims, Guess writes that an unauthorized person had access to the clothing brand’s computer systems between February 2 and 23 of this year. When ICT employees became aware of this, they immediately took measures and started an investigation into the incident. At the end of May, they found that the perpetrator had viewed or stolen personal information. This included social security numbers (BSN), driver’s licenses, passports and bank account numbers.
The company also writes that it has taken extra security measures to prevent a recurrence. The police and other enforcement agencies have been called in and are currently investigating the matter. Guess calls on victims to be vigilant against phishing, spam and identity theft. If the latter occurs and damage results from it, this damage will be covered.
Guess has just over a thousand clothing stores in the US, Europe and Asia. The clothing brand is active in about a hundred countries worldwide. For now, it seems that only American consumers are victims of the ransomware attack. It is unknown how many victims there are. According to BleepingComputer, about 1,300 customers are involved.
Guess does not say who is behind the ransomware attack. There is strong evidence that DarkSide is responsible for this. The website Databreaches.net reported in April that the Russian hackers mentioned the American clothing brand on their site. They reportedly managed to get their hands on 200 GB of confidential data. The attackers threatened to make this data public unless the clothing brand paid a ransom. It is unknown how much money was involved.
BleepingComputer asked the PR department of Guess if it could confirm the identity of the perpetrators. The department does not say anything about this in a written statement. The head of the PR department does say that the ransomware attack has had no impact on business operations or financial results.
DarkSide is a notorious hacker group that has been operating out of Russia since August 2020. In this short time, the gang has claimed a large number of victims. The best known and most recent is Colonial Pipeline. As with Guess, the attackers carried out a ransomware attack. In doing so, they locked up entire computer systems and allegedly stole 100 GB of company-sensitive data. ‘Out of national interest’, the director of the oil company decided to pay 4.4 million dollars in ransom.
Brenntag, a German distribution company that transports chemicals, was also targeted by DarkSide last May. The hackers allegedly stole 150 GB of data, including financial reports, non-disclosure agreements (NDAs), chemical formulas and confidential personal information of employees. Like Colonial Pipeline, the company put $4.4 million on the table to undo the effects of the ransomware.
After the above attacks, DarkSide decided to stop. This may have happened involuntarily. A spokesperson for the Russian hacker group REvil said they had taken DarkSide’s servers and websites offline. The attacks on Colonial Pipeline and Brenntag not only had an immense impact on society but also put the Russian hackers on the radar of law enforcement agencies. Furthermore, the attacks were bad for REvil’s image. Since then, the group no longer advertises Ransomware-as-a-Service.
At the beginning of this month, the Dutch police confiscated a DarkSide server. The police said it contained terabytes of stolen data. Because this data was not encrypted, the police could read everything. For example, they learned that an unknown Dutch tech company had fallen victim to DarkSide. Thanks to good backups, the company was able to get back to work soon after the attack.