SHEIN and Romwe Owner Hit with $1.9 Million in Fines

  • By Steven
  • Oct 17, 2022

shein data breach

SHEIN and Romwe are clothing retail sites best known for their high affordability and fast shipping. Both claim to be “cyber malls for the next gen(eration).” Both SHEIN and Romwe are owned by the parent company Zoetop. In 2018, Zoetop had a data breach that affected more than 39 million shoppers. SHEIN is headquartered in China, and Romwe is based in California.

How Did the Attack Occur?

In 2018, Zoetop was attacked, which left its cybersecurity in shambles. Zoetop never released the attack method, but we do know that it was a full-scale attack that affected most of SHEIN’s customers. There were tens of millions of customers affected, which did nothing to help the reputation of the multi-billion dollar fashion retailer.

What Information Was Viewed or Stolen?

The stolen information includes the login credentials, names, and credit card information of over 39 million SHEIN shoppers and another 7 million Romwe customers. Zoetop claimed to notify all affected customers immediately following the breach. A statement from the New York Attorney General read, “An investigation by the Office of the Attorney General (OAG) revealed that the company failed to properly safeguard consumers’ information prior to the data breach, failed to take adequate steps to protect many of the impacted accounts after the breach, and downplayed the extent of the cyberattack to consumers.”

How Did Zoetop Admit to the Breach?

Zoetop admitted to the breach in 2018, just after it happened, and that is not where its problems lie. The lawsuit is because Zoetop stated that the breach only affected about 6 million shoppers and that all affected consumers were being sent notifications, which proved false.

What Will Become of the Stolen Information?

From what we can tell, the hacker(s) sold the information on the dark web. Now, over 46 million people, most very young and many minors, have their personal information on the dark web. At the time of writing, it’s been four years since the incident. “Since 2018, we have significantly expanded our cybersecurity team; retained leading cybersecurity experts to help build our security organization and strengthen our global security posture to combat potential risks and vulnerabilities,” SHEIN stated. “(W)e have been certified as compliant with the ISO’s 27001 standard and the payment card industry’s Digital Security Standard for data protection.”

What Should Affected Parties Do in the Aftermath of the Breach?

In the aftermath of the breach, it’s a good idea for customers to invest in device scanning and protecting software. You can use this software to sweep your device for malware or other dangerous software and alert you if your information is on an unauthorized site. Another great idea is to watch your credit score and credit card reports. As with any card, alert your provider if there are any purchases that you did not make or authorize.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Data Breach of Healthcare Management Solutions, LLC Affects Half-a-Million People

Data Breach of Healthcare Management Solutions, LLC Affects Half-a-Million People

Healthcare Management Solutions, known as a healthcare-related consulting company from West Virgini, has over 100 employees and brings in nearly $20M annually.

How to Remove Hard Inquiries from a Credit Report

How to Remove Hard Inquiries from a Credit Report

A credit score is an invisible number, yet it often feels like it controls our lives. It determines what we can buy and how much we'll have to pay.

What is Endpoint Security, and Why is it Important?

What is Endpoint Security, and Why is it Important?

Businesses can make every effort to beef up corporate network security, but those improvements mean very little if criminals choose to break into an already connected device.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address
Close