The parent firm, Zoetop, was hacked in 2018, and as a result, the credentials for 39 million Shein accounts were compromised. According to New York Attorney General Letitia James, Zoetop lied about the scope of the hack and informed “just a percentage” of affected consumers. Shein claims to have made “major steps” to strengthen its cyber defences.
Tens of millions of Shein customers had their names, email addresses, passwords, and credit card details stolen and then sold on the dark web. Romwe, another fast-fashion site owned by Zoetop, had seven million of its users’ accounts compromised in the same attack in 2018.
The New York Attorney General’s office said that Zoetop failed to take adequate measures to protect consumer information and notify millions of account holders that their data may have been compromised.
More than 800,000 New York Residents Were Affected
Ms. James claimed that while New Yorkers were looking for the season’s hottest looks on Shein and Romwe, their personal information was stolen and Zoetop attempted to cover it up.
Her office said that Zoetop had exaggerated the scope of the incident, saying that just 6.42 million Shein accounts had been compromised although the company had reported a much smaller number.
A large portion of the 39 million impacted account holders was not notified, and there was no mandatory password reset for all of those accounts. There was “no proof” at the time that customer’s credit card or payment information had been hacked; instead, hackers had gained access to email addresses and passwords.
“Failing to Protect Consumer Personal Data and Lying About It Is Not Cool,” Ms. James Added.
- The need to “button up” cyber security Online retailers like Romwe and Shein have exploded in popularity among millennials and “Gen Z” members because of their wide selection of cheap, on-trend clothing and accessories.
- In 2021, Shein’s mobile app was briefly the most downloaded shopping app in the United States, surpassing Amazon on both iOS and Android app charts. Items on the app cost an average of $10.70 (£7.90).
- Ms. James, however, claimed that “it is easy for hackers to shoplift consumers’ personal data” because to the firms’ lax cyber-security.
- The attorney general recommended that the businesses “button up their cyber-security procedures” to safeguard their clients.
- “We are glad to have settled this problem,” a Shein spokeswoman said, adding that the company had “completely cooperated” with the New York attorney general.
- The continued existence of cyber threats to organisations around the world makes protecting consumer data and retaining client trust an absolute need.