Shein owner Zoetop fined $1.9 million over data breach response

Fast fashion website owner Shein has been fined $1.9 million (£1.69 million) for handling a data breach.

Login details for 39 million Shein accounts were stolen in 2018 after its parent company, Zoetop, was targeted by hackers.

New York Attorney General Letitia James said Zoetop had lied about the extent of the breach and had notified "only a fraction" of the customers affected. Shein said it had taken "significant steps" to improve its cybersecurity. The names, email addresses, passwords and credit card information of tens of millions of Shein account holders were stolen by hackers and sold online.

A further seven million account holders of Romwe, another fast fashion site owned by Zoetop, were caught in the 2018 breach. The New York Attorney General's Office said Zoetop had failed to protect customer data and notified millions of account holders that their personal information had been exposed. Among those affected are more than 800,000 customers living in New York.

"While New Yorkers were shopping for the latest trends in Shein and Romwe, their personal data was stolen and Zoetop was trying to cover it up," said James.

His office said Zoetop had lied about the size of the breach - initially reporting that only 6.42 million Shein accounts were exposed in the hack. Most of the 39 million affected account holders were not contacted and there were no forced password resets for any of those accounts. At the time, the company also told consumers there was "no evidence" of compromised credit or payment information and only email addresses and passwords had been stolen.

"Failing to protect consumers' personal data and lying about it is not trendy," said James.

'Button' on cybersecurity

Romwe and Shein have become popular e-commerce destinations for millennial and “Gen Z” shoppers looking for trending fashion items at bargain prices.

In 2021, Shein's mobile app briefly jumped ahead of Amazon on the iOS and Android app charts as the most downloaded shopping app in the US, with items costing $10.70 (£7.90) on average.

But James said the brand has weak cybersecurity, making it "easy for hackers to steal consumers' personal data". The attorney general said companies need to "activate their cybersecurity measures" to protect customers. A spokeswoman for Shein said: "We have fully cooperated with the New York attorney general and are pleased to have resolved this matter.


"Protecting our customers' data and maintaining their trust is a top priority, especially with the ongoing cyber threats facing businesses around the world."

Post a Comment

Lebih baru Lebih lama