Shein owner fined $1.9m for failing to notify 39m users of data breach

A 2018 data breach puts Shein in the spotlight as the super-fast fashion e-commerce platform continues to conquer Gen-Z markets around the world.

Zoetop, the company that owns Shein and its sister brand Romwe, has been fined $1.9 million by New York for failing to properly handle a security incident, according to a notice from the Office of the state attorney general this week. New York does not publicly post data breach notifications like Maine, New Hampshire, California, or other states, which is why the GA came much later than when the cyberattack happened.< /p>

Shein, which was founded in China and recently moved its major assets to Singapore, has seen explosive growth during the pandemic as virus prevention drives consumers to shop online. Its jaw-dropping price and vast clothing options have made it one of the fastest growing consumer internet platforms in the world over the past two years.

The company's meteoric rise puts the once low-key Chinese fashion exporter in the spotlight. Just a few years ago, there were no public relations staff dedicated to handling growing media demands for supply chain transparency and alleged design theft as it grows. and prepares for an IPO.

The data breach brings him another public relations problem. The company says it has significantly tightened its security measures since then.

"We have cooperated fully with the New York Attorney General and are pleased to have resolved this matter. Protecting our customers' data and maintaining their trust is a top priority, especially with the ongoing cyber threats that are weighing on businesses around the world. Since the data breach, which occurred in 2018, we have taken significant steps to further strengthen our cybersecurity posture and we remain vigilant,” Shein said in a statement. /p>

A cybersecurity attack that began in 2018 resulted in the theft of 39 million Shein account credentials, including those of more than 375,000 New York residents, according to the AG announcement. An investigation by the AG's office found that Zoetop only contacted "a fraction" of the 39 million compromised accounts, and for the vast majority of affected users, the company didn't even warn that their login credentials had been stolen.

The AG's office also concluded that Zoetop's public statements regarding the data breach were misleading. In one case, the company falsely stated that only 6.42 million consumers had been affected and that it was in the process of notifying all affected users.

A lot has changed since 2018. Shein has gone from a promising online fast fashion seller at the time to a global e-commerce platform that threatens Amazon. In the second quarter of this year, app downloads in the United States surpassed those of Amazon for the first time. The data breach may be dated, but keep in mind that Shein has been operating since 2008, so four years is fairly recent in the history of the company's existence. Frugal, trend-seeking Gen-Z consumers might continue to shop on Shein despite its advertising issues, but to earn the trust of regulators and the general public, there's still a long way to go.