Clothing retailer Guess? Inc. has informed affected customers of a data breach in February that involved the theft of data.

The information was detailed in a letter sent to customers, according to Bleeping Computer today, that states it discovered a “cybersecurity incident designed to encrypt files and disrupt business” on Feb. 19. Without Guess using the specific word, that’s a description of a ransomware attack.

The company noted that after launching an investigation, it was determined that there was unauthorized access to certain Guess systems between Feb. 2 and Feb 23. On May 26, the investigation then determined that personal information relating to individuals may have been accessed or acquired by an “unauthorized actor.” That information includes Social Security numbers, driver’s license numbers, passport numbers and financial account numbers.

In a usual check box to a ransomware attack response, Guess said it had notified law enforcement, implemented additional security measures and offered complimentary one-year membership to a credit protection service.

Although Guess hasn’t named the group the attack, DataBreach.net attributed the attack on Guess to the DarkSide ransomware group in April. That group was initially best known for donating some proceeds from its ransomware attacks to charity in October but became far better known after being tied to the high-profile breach at Colonial Pipeline Co. in May.

DarkSide subsequently announced that it was ending operations the same month, which begs the question: Where did the Guess data go?

DataBreaches.net noted that when it first spoke to DarkSide operators in April, the group claimed to have 200 gigabytes of data stolen from Guess but that data was never dumped in the open. “Is it in the hands of an affiliate? Was it on a server that got seized?” DataBreaches.net wrote before adding that DarkSide did say it would hand over its decryption tools to affiliates.

Whether those affiliates received a decryption key for the Guess data is not known. That Guess is just now informing customers of the data breach could be a coincidence, or perhaps the data has now been decrypted and accessed by a DarkSide affiliate.

Photo: Bargainmoose/Flickr