Shein owner Zoetop fined $1.9m over data breach response - Uk Tech News Blog
Shein owner Zoetop fined $1.9m over data breach response - Uk Tech News Blog
The owner of fast-fashion site Shein has been fined $1.9m (£1.69m) over its handling of a data breach.
Credit-card and login details for 39 million Shein accounts were stolen in 2018 after its parent company, Zoetop, was targeted by hackers.
New York Attorney General Letitia James said Zoetop had lied about the extent of the breach and had notified "only a fraction" of affected customers.
Shein says it has taken "significant steps" to improve its cyber-security.
Names, email addresses, passwords and credit-card information belonging to tens of millions of Shein account holders were stolen by hackers and sold online.
A further seven million account holders of Romwe, another fast-fashion site owned by Zoetop, were caught up in the 2018 breach.
The New York Attorney General's office said Zoetop had failed to safeguard customer data and to inform millions of account holders their personal information had been exposed.
Among those affected were more than 800,000 customers living in New York.
"While New Yorkers were shopping for the latest trends on Shein and Romwe, their personal data was stolen and Zoetop tried to cover it up," Ms James said.
Her office said Zoetop had lied about the size of the breach - initially reporting that only 6.42 million Shein accounts had been exposed in the hack.
The bulk of the 39 million affected account holders were not contacted and there was no forced password reset for all those accounts.
At the time, the company also told consumers it had seen "no evidence" of credit-card or payment information being compromised and only email addresses and passwords had been stolen.
"Failing to protect consumers' personal data and lying about it is not trendy," Ms James said.
0 Comments